So I’ve done a couple of articles about my new filesharing appliance the PogoPlug over the last year. Absolutely fantastic device, use it often remotely.
One thing that I’ve been unable to get working so far was the native OS application. The application allows you to map a drive directly to the drives connected to the appliance, hence the last article about installing a samba server on it. This issue probably won’t apply to most folks; my home network is a little unique compared to the average person buying a commercial router from Linksys, Belkin or the like. Skip to the bottom for the commands if you’re not interested in my reasons for splitting the networks.
So, I have two completely separate networks at the house. One is wired and the other is wireless; they interconnect through various switches but ultimately demarc on an IPCop firewall. The wired network is where my home servers and toys connect (SlingBox, ssh server, pogoplug) whereas the wireless is mostly computers or smart devices.
With this setup, I don’t have any want or need to proxy traffic from the wired network as they’re essentially all services. From the wireless where we actually surf however, I like to run URL Filter and Advanced Proxy on the IPCop box to filter out ad servers and malicious and adult websites. The problem with doing this is that the clients need an UNFILTERED direct connection to both the PogoPlug device and the main PogoPlug server out in internet land. Until today I mostly used the samba share to get around this, but it started bothering me and after some poking around I came up with a very easy solution.
You may be asking, why not just add an exception in squid? Well, it doesn’t seem to work through the IPCop interface. And modifying the actual config files would do the job, but the next time IPCop restarts or I add something in the web interface, it would wipe out the manual changes I made. So, let’s fall back to good old iptables and prerouting!
By adding these two rules, we save a whole lot of headaches, and the software works perfectly:
/sbin/iptables -t nat -A CUSTOMPREROUTING -p tcp --dport 80 -d service.pogoplug.com -j ACCEPT
/sbin/iptables -t nat -A CUSTOMPREROUTING -p tcp --dport 80 -d [POGOPLUG_IP] -j ACCEPT
The first line allows an unfiltered connection to service.pogoplug.com, which is the authentication server; the second line allows an unfiltered connection to the pogoplug device itself. Like I said, this probably won’t really impact too many people: since my traffic leaves the BLUE network and hits the GREEN network, it gets filtered, and in this application that’s a bad thing.
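iptables resolves a hostname given to -d once, when the rule is added, so the first rule only covers the addresses service.pogoplug.com had at that moment. As an added example (not part of the original post), this dry-run script prints one bypass rule per explicit IPv4 address and rejects anything else, so the proxy exemption stays as narrow as intended; the function names are hypothetical and the sample addresses are constructed.

```shell
#!/bin/sh
# Added example, not from the original post.
CHAIN=CUSTOMPREROUTING   # chain name used in the post's rules

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0-255.
# Runs in a subshell (parenthesised body) so the IFS change cannot leak.
is_ipv4() (
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;   # hostnames, spaces, ';', empty octets
    esac
    IFS=.
    set -- $1                               # split on dots; input is digits and dots only
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
)

# bypass_rules ADDR...: print one ACCEPT rule per valid address.
# Returns non-zero if any argument was rejected, so a caller can refuse to apply.
bypass_rules() {
    rc=0
    for addr in "$@"; do
        if is_ipv4 "$addr"; then
            echo "/sbin/iptables -t nat -A $CHAIN -p tcp --dport 80 -d $addr -j ACCEPT"
        else
            echo "rejected (not an IPv4 address): $addr" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Dry run: prints the commands for review instead of executing them, e.g.
#   sh pogo-bypass.sh 192.0.2.10 198.51.100.7   (constructed sample addresses)
if [ "$#" -gt 0 ]; then
    bypass_rules "$@"
fi
```

Review the printed commands before running them on the firewall, and regenerate them if the server's addresses change.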
Hope this helps someone else who’s been banging their head on the wall like I was.