Starting a separate topic, rather than hijack the main thread...

On Fri, Mar 10, 2017 at 01:50:26PM -0600, Corbin Bird wrote
>
> 6 # : ISP is starting to filter customers' web access. The ISP is
> deciding what sites customers are allowed to see. ( look up the
> practice called "ransom" ).

Does this consist of grabbing outbound traffic to port 53? If so, I
wonder if the following is possible...

* Can a POTS dialup or a wifi connection co-exist with a broadband
connection? It would make the network config and route config more
complex.

* If yes, can iptables be used to redirect only outbound-to-port-53
traffic to the dialup/wifi connection, with everything else going to
the broadband connection?

* Another option, if you know the alternate DNS server address in
advance, set up routing of the /32 (for the alternate DNS server)
to ppp0 or wlan0 with higher priority than the default route. This
doesn't require any iptables magic.

* Can the standard Linux network stack handle this properly, and use
incoming DNS responses from the dialup/wifi connection for the IP
addresses of websites, etc. to be accessed via broadband?

DNS traffic is low volume, usually fitting into 1 packet. So it
would be feasible to divert DNS requests to a lower-speed connection.
The broadband ISP would handle all the high-speed website, etc., traffic
but it would not see any DNS traffic, and would not be able to intercept
it.

--
Walter Dnes <waltdnes@××××××××.org>
I don't run "desktop environments"; I run useful applications
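
Added example, not part of the original message: the two options raised above (a /32 host route to a known alternate resolver, and fwmark policy routing of all port-53 traffic) written as a script that only prints the commands. The resolver address 192.0.2.53, table 100, mark 0x35 and the function names are assumptions; ppp0 is the interface named in the message.

```shell
#!/bin/sh
# Added example: prints commands, changes nothing until piped to a root shell.
ALT_DNS=192.0.2.53   # constructed: alternate resolver (documentation address)
DNS_IF=ppp0          # low-speed link from the message (or wlan0)
DNS_GW=              # next hop on DNS_IF; needed for wlan0, empty for ppp
DNS_TABLE=100        # assumed free routing table number
DNS_MARK=0x35        # assumed free firewall mark

via=${DNS_GW:+via $DNS_GW }

# Option A: /32 host route. Longest-prefix match beats the default route,
# and the kernel picks DNS_IF's own address as source, so no NAT is needed.
host_route_cmds() {
    printf 'ip route replace %s/32 %sdev %s\n' "$ALT_DNS" "$via" "$DNS_IF"
}

# Option B: mark every locally generated port-53 packet and route marked
# packets through a separate table whose default route is DNS_IF.
policy_route_cmds() {
    for proto in udp tcp; do
        printf 'iptables -t mangle -A OUTPUT -p %s --dport 53 -j MARK --set-mark %s\n' \
            "$proto" "$DNS_MARK"
    done
    printf 'ip route replace default %sdev %s table %s\n' "$via" "$DNS_IF" "$DNS_TABLE"
    printf 'ip rule add fwmark %s lookup %s\n' "$DNS_MARK" "$DNS_TABLE"
    # The source address was chosen before the mark rerouted the packet,
    # so rewrite it to DNS_IF's address on the way out.
    printf 'iptables -t nat -A POSTROUTING -o %s -j MASQUERADE\n' "$DNS_IF"
    # Replies arrive on DNS_IF while the unmarked reverse route points at
    # broadband; strict reverse-path filtering would drop them.
    printf 'sysctl -w net.ipv4.conf.%s.rp_filter=2\n' "$DNS_IF"
}

# Check: extract the egress interface from `ip route get <addr>` output.
route_dev() {
    awk '{ for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

case "${1:-}" in
    host)   host_route_cmds ;;
    policy) policy_route_cmds ;;
    check)  ip route get "$ALT_DNS" mark "$DNS_MARK" | route_dev ;;
esac
```

Review the printed commands before piping them to a root shell; afterwards `check` should report ppp0 rather than the broadband interface.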