
Author Topic: Extremely low ram proxy  (Read 25293 times)

Offline Ulysses_

  • Full Member
  • ***
  • Posts: 232
Extremely low ram proxy
« on: August 07, 2011, 05:52:26 AM »
Objective is to block all sites except youtube.com. A firewall only blocks IPs, and youtube IPs are variable. So a proxy is recommended instead, configured to block DNS lookups to anything but youtube.com. But available RAM is very limited.

Does an extremely low ram proxy exist for TC?  Like 32 MB or even less, with TC in scatter mode?

Can this simple task better be implemented by rebuilding TC after adding a line or two of C code somewhere in the TC sources?
« Last Edit: August 07, 2011, 06:11:42 AM by Ulysses_ »

Offline yoshi314

  • Full Member
  • ***
  • Posts: 135
Re: Extremely low ram proxy
« Reply #1 on: August 09, 2011, 08:21:55 AM »
1. erase /etc/resolv.conf
2. add youtube.com entry to /etc/hosts
3. success.

Offline Ulysses_

  • Full Member
  • ***
  • Posts: 232
Re: Extremely low ram proxy
« Reply #2 on: August 10, 2011, 04:27:36 PM »
Good point, thanks.

What if the TC machine is to provide internet access to other machines in a LAN?  Is there some low-ram trick to make TC only allow some domain names?

Offline danielibarnes

  • Hero Member
  • *****
  • Posts: 548
Re: Extremely low ram proxy
« Reply #3 on: August 10, 2011, 04:32:54 PM »
DNSMasq can do what you need.

Offline Ulysses_

  • Full Member
  • ***
  • Posts: 232
Re: Extremely low ram proxy
« Reply #4 on: August 13, 2011, 04:03:53 PM »
What if a link like this is clicked at or otherwise downloaded?

« Last Edit: August 13, 2011, 04:08:40 PM by Ulysses_ »

Offline gerald_clark

  • TinyCore Moderator
  • Hero Member
  • *****
  • Posts: 4254
Re: Extremely low ram proxy
« Reply #5 on: August 13, 2011, 07:00:01 PM »
That is not a domain name.

Offline danielibarnes

  • Hero Member
  • *****
  • Posts: 548
Re: Extremely low ram proxy
« Reply #6 on: August 13, 2011, 08:07:29 PM »
Quote
What if a link like this is clicked at or otherwise downloaded?
iptables is the tool for that job.

Offline Ulysses_

  • Full Member
  • ***
  • Posts: 232
Re: Extremely low ram proxy
« Reply #7 on: August 14, 2011, 02:37:48 PM »
But you don't know what IPs to allow while blocking all else. If only domain names had one IP each, you'd simply add an iptables allow rule for youtube's IP while iptables is blocking all else. But youtube.com has several IPs and they may change.

Has anyone thought of something like rebuilding dnsmasq with a few more lines of C code so it generates iptables rules after every successful DNS query?
« Last Edit: August 14, 2011, 02:42:32 PM by Ulysses_ »

Offline gerald_clark

  • TinyCore Moderator
  • Hero Member
  • *****
  • Posts: 4254
Re: Extremely low ram proxy
« Reply #8 on: August 15, 2011, 12:31:28 AM »
You generally use iptables to block incoming connections, not outgoing.

Offline danielibarnes

  • Hero Member
  • *****
  • Posts: 548
Re: Extremely low ram proxy
« Reply #9 on: August 15, 2011, 11:12:22 AM »
Quote
You generally use iptables to block incoming connections, not outgoing.
Works for either.

Quote
Objective is to block all sites except youtube.com
I believe I have a dnsmasq solution for this. I will test it out and post results.

Offline danielibarnes

  • Hero Member
  • *****
  • Posts: 548
Re: Extremely low ram proxy
« Reply #10 on: August 15, 2011, 12:04:43 PM »
The upstream DNS server for both examples is 192.168.1.2. Execute "dnsmasq -R -C dnsmasq.conf"

Single machine setup:
  IP: 192.168.1.128
  /etc/resolv.conf:
    nameserver 127.0.0.1
  dnsmasq.conf:
    server=/youtube.com/192.168.1.2

Client/Server setup:
  Server
    IP: 192.168.1.128
    dnsmasq.conf:
      server=/youtube.com/192.168.1.2
  Client
    IP: 192.168.1.129
    /etc/resolv.conf:
      nameserver 192.168.1.128

nslookup for a host on any domain other than youtube.com fails. If you need additional details, just ask.
« Last Edit: August 15, 2011, 12:06:26 PM by danielibarnes »

Offline Ulysses_

  • Full Member
  • ***
  • Posts: 232
Re: Extremely low ram proxy
« Reply #11 on: August 15, 2011, 12:07:20 PM »
Don't forget to include this domain name too: ytimg.com.  It is required by youtube.com in order to show videos, so says the NoScript addon:
« Last Edit: August 15, 2011, 12:11:58 PM by Ulysses_ »

Offline danielibarnes

  • Hero Member
  • *****
  • Posts: 548
Re: Extremely low ram proxy
« Reply #12 on: August 15, 2011, 12:09:21 PM »
Quote
Don't forget to include this domain name too: ytimg.com.  It is required by youtube.com in order to show videos, so says the NoScript addon:

You can just add an additional line to dnsmasq.conf:
server=/ytimg.com/192.168.1.2

Offline Ulysses_

  • Full Member
  • ***
  • Posts: 232
Re: Extremely low ram proxy
« Reply #13 on: August 15, 2011, 12:13:52 PM »
Are you doing something about the danger of malicious links that specify IP instead of domain name so no dns query is generated?
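
What the dnsmasq allow-list from the replies above covers and what it misses, as an added example that is not part of any poster's message: a POSIX shell model of the server=/domain/upstream matching under -R (a listed domain and its subdomains are forwarded, other names get no answer), plus the IP-literal case raised in Reply #13, which never reaches DNS at all. The function names, the temporary config file and the sample hostnames are constructed for illustration, and the matching rule is a simplified model, not dnsmasq's own code.

```shell
#!/bin/sh
# Added example: model of dnsmasq -R forwarding with server=/domain/upstream.
# Constructed config mirroring the two allow-listed domains in the thread.
CONF=$(mktemp)
trap 'rm -f "$CONF"' EXIT
cat > "$CONF" <<'EOF'
server=/youtube.com/192.168.1.2
server=/ytimg.com/192.168.1.2
EOF

# Print every domain that has a non-empty upstream in a server=/.../ line.
allowed_domains() {
    sed -n 's|^server=/\(.*\)/[^/][^/]*$|\1|p' "$1" | tr '/' '\n'
}

# True for a dotted-quad IPv4 host. A URL with such a host triggers no DNS
# query, so the DNS allow-list never sees it.
is_ip_literal() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# classify HOST CONF -> forwarded | refused | ip-literal
classify() {
    host=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    host=${host%.}                      # drop a trailing root dot
    if is_ip_literal "$host"; then
        echo "ip-literal"
        return 0
    fi
    for d in $(allowed_domains "$2"); do
        case "$host" in
            # exact match, or a subdomain on a label boundary
            "$d" | *."$d") echo "forwarded"; return 0 ;;
        esac
    done
    echo "refused"
}

# Constructed sample hosts; 203.0.113.7 is a documentation address.
for h in www.youtube.com i.ytimg.com notyoutube.com example.org 203.0.113.7; do
    printf '%-16s %s\n' "$h" "$(classify "$h" "$CONF")"
done
```

Hosts reported as ip-literal are outside what the dnsmasq configuration can control; the iptables suggestion from Reply #6 is the layer that sees that traffic.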

Offline Ulysses_

  • Full Member
  • ***
  • Posts: 232
Re: Extremely low ram proxy
« Reply #14 on: August 15, 2011, 12:19:58 PM »
Just had a brainwave. Can dnsmasq associate a fixed IP with youtube.com and ignore upstream dns servers?