
Re: Should I use a proxy? DNS cache?



on Sat, Apr 06, 2002, Michael D. Crawford (crawford@goingware.com) wrote:

> I have a small home lan that is routed to the internet through a
> machine that provides IP masquerading with kernel 2.4.18 iptables.
> The gateway machine connects to the net with a 56k modem.  There are
> three client machines, plus the gateway for a total of four machines.
> 
> Presently I am using neither a proxy nor a DNS cache.  Would it help
> things to use them?  

Yes and yes.

> I can see how having a DNS cache would help when my ISP's nameserver
> goes down, which it seems to quite a bit.
> 
> If I should use a proxy, which one should I get?

I'll echo earlier comments:  squid, junkbuster, and (in my case) BIND,
though maradns sounds intriguing.

Quantifying results -- squid with a ~1.4GB cache was providing about a
20% effective hit rate -- my 56 kbps modem was effectively delivering 70
kbps based on cached content.  Side benefit:  apt-get update downloads
are automajickally cached, meaning that repeat updates from Debian are
fetched locally rather than remotely, for significant speedup.  I'd
prefer a larger (10-20+) GiB cache, and will likely reimplement that
when I rebuild my local network.



Junkbuster similarly greatly increases browsing speed (and pleasure)
both by halting unnecessary banner downloads (unlike much web graphical
content, this is largely _unique_ data, and doesn't cache well), and the
related DNS lookups required to fetch this content.  The problem with
Junkbuster is that it has rather coarse filtering preference options --
you can set preferences on a sitewide basis, but not (with any level of
ease) at a personal level.  So it's suitable for blocking, say, the
major banner sites (doubleclick.{net,com}, bingbangmedia.com,
valueclick.com, looksmart.com, qksrv.net, etc., and possibly some
wildcards (e.g.:  /[Aa]ds, /[Aa]dverts, /banner, /banners), /*/ads,
/*/banners).  But fine-grained control at the gateway isn't possible,
and you'll have to allow access to nonstandard ports -- I find that :80,
:81, :88, :8000, :8001, :8009, :8080, :8081, :8881, and :1080 tend to
cover most (but not all) standard variants.

For my personal browsing preferences, I prefer using Galeon's built-in
image filtering, though I wish it could provide finer-grained control
(e.g.:  subdirectories) and broader scope (e.g.:  regex filtering).
Ultimately though, content filtering is something you want to put in the
individual user's hands.



DNS caching will also save time spent looking up DNS info.  If your ISP's
nameservers are flakey, you might want to specify other query servers
that are more reliable.

Peace.

-- 
Karsten M. Self <kmself@ix.netcom.com>           http://kmself.home.netcom.com/
 What Part of "Gestalt" don't you understand?
   The Consumer Broadband and Digital Television Promotion Act:
     Feinstein's answer to Enron envy.
       http://www.politechbot.com/docs/cbdtpa/hollings.s2048.032102.html
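
The site-wide filtering described in the message above, sketched in Python as an added illustration; it is not part of the original message and does not use Junkbuster's own blockfile syntax. The domains, path names and ports are the ones listed in the message; the function names, the sample URLs and the reading of the path wildcards as whole path segments are assumptions.

```python
import re
from urllib.parse import urlsplit

# Banner domains and proxy-reachable ports exactly as listed in the message.
BLOCKED_DOMAINS = {"doubleclick.net", "doubleclick.com", "bingbangmedia.com",
                   "valueclick.com", "looksmart.com", "qksrv.net"}
ALLOWED_PORTS = {80, 81, 88, 8000, 8001, 8009, 8080, 8081, 8881, 1080}

# Assumption: the wildcards (/[Aa]ds, /[Aa]dverts, /banner, /banners, /*/ads,
# /*/banners) are read as "a whole path segment with that name, at any depth".
AD_PATH = re.compile(r"(?:^|/)(?:[Aa]ds|[Aa]dverts|banners?)(?:/|$)")


def host_blocked(host):
    """Match a listed domain or any subdomain of it, on a label boundary."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in BLOCKED_DOMAINS)


def decide(url):
    """Return 'deny-port', 'block-host', 'block-path' or 'allow' for one URL."""
    parts = urlsplit(url)
    port = parts.port or 80  # plain HTTP default when no port is given
    if port not in ALLOWED_PORTS:
        return "deny-port"
    if host_blocked(parts.hostname or ""):
        return "block-host"
    if AD_PATH.search(parts.path):
        return "block-path"
    return "allow"


# Constructed sample URLs, including the near-misses a coarse filter must
# not catch (a look-alike domain, "downloads" containing "ads").
SAMPLES = [
    "http://ad.doubleclick.net/adi/x",
    "http://notdoubleclick.net/",
    "http://example.org/images/banners/top.gif",
    "http://example.org:8080/Ads/1.gif",
    "http://example.org/downloads/readme.txt",
    "http://example.org:8443/index.html",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(f"{decide(url):11s} {url}")
```

The decision is the same for every client behind the gateway, which is the coarseness the message describes: a per-user exception has no place to live in a filter like this.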
