shorewall & policy-based routing

I switched over to Comcast internet, which has proved to be significantly faster than the DSL connection I was on. One questionable result of the move is that I'm not totally happy with the way Comcast shapes internet traffic, so I decided that I wanted to tunnel portions of my traffic to countries with more favorable laws. The basic rationale here is that although the rights-holders may have authority in the US, they don't have that authority in other countries, and so they won't be able to resolve the actual source given the current state of international law. (Or, at the very least, there will be a long lawsuit before they actually find me.)

To set this up, I have an Ubuntu Linux box running Shorewall and OpenVPN sitting just behind the Comcast modem. (It also provides DHCP for the rest of the network.) Since it took several hours to get the Shorewall configuration working properly, I figured it wouldn't hurt to make a record of it.

Zones (/etc/shorewall/zones)

#ZONE TYPE
fw firewall
loc ipv4
net ipv4

Interfaces (/etc/shorewall/interfaces)

#ZONE INTERFACE BROADCAST OPTIONS
loc eth0 detect dhcp,sourceroute
net eth1 detect dhcp
# tun0 is marked optional so Shorewall starts cleanly even when the OpenVPN tunnel is down
net tun0 - dhcp,optional

Policy (/etc/shorewall/policy)

#SOURCE DEST POLICY LOG_LEVEL
loc all ACCEPT
fw all ACCEPT
net all DROP info
all all REJECT info

Rules (/etc/shorewall/rules)

#ACTION SOURCE DEST PROTO DEST_PORT(S)
# OpenVPN traffic on UDP 1194, inbound to the firewall and outbound from it
ACCEPT net $FW udp 1194
ACCEPT $FW net: udp 1194
ACCEPT $FW net all

Providers (/etc/shorewall/providers)

#NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS COPY
# packets marked 1 use the comcast routing table, packets marked 2 the vpn table;
# both tables are duplicated from main and copy the LAN (eth0) routes
comcast 1 1 main eth1 detect balance=1 eth0
vpn 2 2 main tun0 detect balance=2,loose eth0

TC Rules (/etc/shorewall/tcrules)

#MARK SOURCE DEST PROTO
# :P marks in PREROUTING; everything gets mark 1, then the ipp2p rule overrides P2P traffic with mark 2.
# The last line marks the firewall's own outgoing traffic (OUTPUT chain) with 1.
1:P 0.0.0.0/0 0.0.0.0/0 all
2:P 0.0.0.0/0 - ipp2p:all
1 $FW 0.0.0.0/0 all

Route Rules (/etc/shorewall/route_rules)

#SOURCE DEST PROVIDER PRIORITY
# traffic originating on the firewall itself (source lo) always goes out via comcast
lo - comcast 1000

Masq (/etc/shorewall/masq)

#INTERFACE SOURCE ADDRESS PROTO PORT(S) IPSEC MARK
# LAN (eth0) traffic carrying mark 2 is NATed out of tun0; everything else out of eth1
tun0 eth0 detect - - - 2
eth1 eth0 detect
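The Providers, TC Rules and Masq files above only do their job if the kernel ends up with an `ip rule` sending fwmark 2 to the vpn table and that table's default route pointing at tun0; because tun0 is optional, the table can be left without a default route when the tunnel is down, and marked packets then fall through to main and leave via Comcast. The script below is an added example (not from the original post) that checks both conditions against `ip rule show` / `ip route show table <T>` text; the sample outputs, table names, priorities and addresses embedded in it are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check the policy routing
# that the providers/tcrules/masq files above are meant to produce. Traffic
# marked 2 must be sent to the vpn table, and that table must have no default
# route other than tun0; if tun0 is down (it is "optional"), the table lacks a
# default route and marked packets fall through to main, i.e. out via Comcast.
# Inputs are text in the shape of `ip rule show` / `ip route show table <T>`.

# Usage: mark_goes_to_table "<ip rule output>" <mark-hex-digits> <table>
mark_goes_to_table() {
    printf '%s\n' "$1" | grep -Eq "fwmark 0x$2(/0x[0-9a-f]+)? lookup $3\$"
}

# Usage: default_only_via "<ip route output>" <interface>
# Fails when the table has no default route or any default not via <interface>.
default_only_via() {
    defaults=$(printf '%s\n' "$1" | grep '^default' || true)
    [ -n "$defaults" ] || return 1
    if printf '%s\n' "$defaults" | grep -Evq "dev $2( |\$)"; then
        return 1
    fi
    return 0
}

# Usage: check_provider "<ip rule output>" <mark> <table> "<route output>" <iface>
check_provider() {
    mark_goes_to_table "$1" "$2" "$3" \
        || { echo "FAIL: fwmark 0x$2 is not directed at table $3"; return 1; }
    default_only_via "$4" "$5" \
        || { echo "FAIL: table $3 default route missing or not via $5"; return 1; }
    echo "OK: fwmark 0x$2 -> table $3 -> $5"
}

# Constructed sample data (priorities and addresses are illustrative).
SAMPLE_RULES='0:      from all lookup local
999:    from all lookup main
10000:  from all fwmark 0x1 lookup comcast
10001:  from all fwmark 0x2 lookup vpn
32767:  from all lookup default'
SAMPLE_VPN_UP='default via 10.8.0.5 dev tun0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.1'
# Same table with the tunnel down: only the LAN route copied from eth0 remains.
SAMPLE_VPN_DOWN='192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.1'

check_provider "$SAMPLE_RULES" 2 vpn "$SAMPLE_VPN_UP" tun0
check_provider "$SAMPLE_RULES" 2 vpn "$SAMPLE_VPN_DOWN" tun0 || :
```

On the real box, feed it `"$(ip rule show)"` and `"$(ip route show table vpn)"` instead of the constructed strings.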