0

For security reasons, I'd like to route all wifi traffic in my home network through one computer acting as an HTTP proxy. I'm thinking something like:

  • Connect my ISP's cable modem to a wired router (A)
  • Connect my wireless router to router A
  • Connect the computer that will be the HTTP proxy to router A
  • Specify the IP address of the HTTP proxy in the wireless router

Thus wifi traffic should go through the proxy.

My questions: Does this smell right, and is it possible to specify an HTTP proxy in a router's settings, like DD-WRT?

1
  • You must configure each application using a proxy. You don't configure the network to send to a proxy because the proxy will ignore traffic not destined to it. Commented Aug 8, 2016 at 14:32

1 Answer

1

Question: what should happen with non-HTTP traffic in the wireless network?

Apart from that, you will have to do certain things:

  1. Wireless clients (let's call them guests) will connect to your wireless router (B). The guests will need the IP settings (IP, GW, DNS server, etc). If you aim for security, router B is probably the right point to do this. (You probably also want to make sure that B does not act as a DHCP server on the LAN side.)
  2. Now you want to configure B in such a way that your proxy computer (P) is reachable by the guests. You could do this by giving P an IP from the same subnet as the guests. (but there are other ways too).
  3. You also want to make sure that guests can only communicate with P and nothing else. Depending on your router B, this might be trivial/easy/difficult/impossible.
    • This is especially important if you are aiming for security.
    • If a guest could simply assign itself another IP and reach A directly, your security is broken.
    • Also, if guests are able to sniff network traffic, they can do all kinds of attacks. You want guests to be really isolated and only able to communicate with P.
  4. Now go ahead and set up your proxy server. You can either have a transparent proxy or go for a "normal" proxy server (or maybe a SOCKS proxy?)
  5. If you use a normal proxy, your guests need to configure their software accordingly. They can either manually set the proxy settings or you go for an auto-config method like WPAD. (see also WPAD at Wikipedia)
2
  • I don't care about non-HTTP traffic. And I was hoping to just route all HTTP traffic to B through P on its way out, as opposed to having the HTTP proxy show up as a setting that is propagated to clients the same way DNS servers are. Commented Aug 8, 2016 at 15:46
  • Routing is done on the IP layer, HTTP is on the Application layer. You would need a router with deep packet inspection and stateful routing (and obviously stateful packet inspection). This is usually way too expensive. So your only realistic possibility is to route all traffic of B through P. ... Also: don't forget DNS requests. Commented Aug 10, 2016 at 13:07
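
The transparent-proxy option from step 4, together with the isolation requirement in step 3 and the DNS reminder in the last comment, could look like this on P. This is an added example, not part of the original answer: it assumes P is a Linux machine using iptables with otherwise empty chains, that guest traffic uses P as its default gateway, that P runs a local DNS resolver, and that the interface name `eth1` and proxy port `3128` are placeholders.

```shell
#!/bin/sh
# Added example: firewall rules for the proxy computer P (assumed Linux + iptables).
# Assumed values, none of them from the page:
GUEST_IF="${GUEST_IF:-eth1}"       # interface of P that faces the wifi guests
PROXY_PORT="${PROXY_PORT:-3128}"   # port the HTTP proxy on P listens on
DRY_RUN="${DRY_RUN:-1}"            # 1 = only print the commands, 0 = apply (needs root)

# Print the command in dry-run mode, execute it otherwise.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

apply_guest_rules() {
    # Transparent interception: plain HTTP from guests lands on the local proxy.
    run iptables -t nat -A PREROUTING -i "$GUEST_IF" -p tcp --dport 80 \
        -j REDIRECT --to-ports "$PROXY_PORT"
    # "Don't forget DNS": answer every guest DNS query from the resolver on P.
    for proto in udp tcp; do
        run iptables -t nat -A PREROUTING -i "$GUEST_IF" -p "$proto" --dport 53 \
            -j REDIRECT --to-ports 53
    done
    # Guests may reach only the proxy and the resolver on P itself.
    # (INPUT is evaluated after REDIRECT, so it sees the rewritten port.)
    run iptables -A INPUT -i "$GUEST_IF" -p tcp --dport "$PROXY_PORT" -j ACCEPT
    run iptables -A INPUT -i "$GUEST_IF" -p udp --dport 53 -j ACCEPT
    run iptables -A INPUT -i "$GUEST_IF" -p tcp --dport 53 -j ACCEPT
    run iptables -A INPUT -i "$GUEST_IF" -j DROP
    # Rules match on the interface, not the source address, so a guest that
    # assigns itself another IP gets the same verdict: nothing is forwarded.
    run iptables -A FORWARD -i "$GUEST_IF" -j DROP
}

apply_guest_rules
```

These rules only govern packets that actually arrive at P; keeping guests from reaching router A directly (step 3) still has to be enforced on router B. Non-HTTP traffic, including HTTPS, is dropped unless the client is explicitly configured to use the proxy on P.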