Using firewallD for a ... proxy server (?)

mackeyAUKS · April 9, 2023, 7:24am

what i want to do is have the Hyundai HTN4020MPC02 that i’ve just bought be the device that’s connected directly to the internet with a non-WIFI cable modem, and all other devices connect to the internet through it.

using the one device for the primary security server or whatever would take workload off of the other devices, which is a decent and commonly dismissed consideration for [say] over-the-internet broadcasting {unfortunately, Microsoft has a belligerent stance on the use of Windows Defender}.

Windows 10 introduced the hotspot feature for Windows, though i don’t know if openSUSE does that or not.

even if i’ll have to get a non-modem WIFI router [to connect to the Hyundai HTN4020MPC02 and not directly to the modem], how can i accomplish this with firewallD?

… and would use of squid be beneficial?

marel · April 9, 2023, 12:01pm

So you want to use this Hyundai Mini PC to act as gateway.

I would start with getting it working without thinking about thinking about a firewall or squid, that can come later.

Is it that you want the Mini PC as Access Point for the other devices? If so, check if the WiFi on the Mini PC support’s it, see:

https://wiki.archlinux.org/title/software_access_point

WiFi hotspot functionality is also supported:

https://help.ubuntu.com/stable/ubuntu-help/net-wireless-adhoc.html.en

But if you care about security I do not see why to use hotspot functionality instead of (normal) AP functionality.

mackeyAUKS · April 9, 2023, 2:15pm

thank you for the input.

risk assessment:

there is more of a threat to my network from the internet than from my neighbors, and use of WIFI is preferable to having too-long rj wire strung from one computer to another.

furthermore, cellphones and tablets don’t support use of rj wire.

using the mini-pc as a hotspot, in place of the “normal” setup with the combined cable modem and WIFI router, i would be able to turn the WIFI connectivity off when i’m not using it without unreasonable effort.

honestly, the main reason for any buffer is in case i begin to play video games and i win any given match and the person who lost the match decides to be an asshole. if they dDOS me or whatever, it should be that they’ll take out the buffer and not any of my more vital devices.

marel · April 9, 2023, 7:42pm

For what you want you do not need hotspot functionality, just use the Hyundai Mini PC as Access Point following the first link I posted. Cellphones and tablets are more than capable of connecting to an Access Point.

If DDoS is your concern there is not much you can do at least for incoming traffic. For the rest I would start with a masquerading firewall what you need anyhow if you want to connect multiple devices via the same ADSL connection although I think the cable modem is doing that already I presume.

Filtering you can typically also do in the ADSL modem and that is the better place as because it is further “upstream”.

mackeyAUKS · April 10, 2023, 2:09am

to be fair, defense of a castle [back in the day] didn’t stop at the mote, and using the hotspot feature that the operating system provides 1- is using the mini-pc as an access point and 2- isn’t a pain in the butt to set up.

again, thank you for your input; i’ll give it some thought.