Skip to content


Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Minimalistic tool to configure the routing of a local area network
branch: master
Failed to load latest commit information.
conf removed bridge interface, not really needed, to reduce complexity
consul preliminary fixes for root usage
daemons moved some zlibs into daemons/
doc included pdf whitepaper v1.2 english
modules various fixes also to iptables-default
utils debian_install: added packages missing from debian minimal + turn apt…
zlibs things_known format
.gitignore permissions and ignore fixes
AUTHORS.txt documentation updates for release documentation updates for release temporary plea for support on CHEST
TODO.txt some notes on domotica

   ooooo888   ooooooo  oooo  o  oooo oooooooo8   ooooooooo8
 888    888 888     888 888 888 888 888ooooooo  888oooooo8
 888    888 888     888  888888888          888 888
   88ooo888o  88ooo88     88   88   88oooooo88    88oooo888

       a digital rod for local area network rabdomancy

Version: 0.5




Dowse is a transparent proxy facilitating the awareness of ingoing and outgoing connections, from, to, and within a local area network.

Dowse provides a central point of soft control for all local traffic: from ARP traffic (layer 2) to TCP/IP (layers 3 and 4) as well as application space, by chaining a firewall setup to a trasparent proxy setup. A core feature for Dowse is that of hiding all the complexity of such a setup.

Dowse is also a highly extensible platform: interoperability between modules is available using Socks4/5, UNIX pipes, local TCP/IP sockets and port redirection, conforming to specific daemon implementations. At the core of Dowse is a very portable shell script codebase implementing a modular plugin architecture that isolates processes and supports any executable written in any language: Shell, C, Perl, Python etc.

Plea for support

If you like to support the development of this project, please rate it and endorse it on the CHEST funding platform:

We are seeking funding to continue this free and open source development. It does not require much, just a registration and rating. Thanks.


Dowse takes control of a LAN by becoming its DHCP server and thereby assigning itself as main gateway and DNS server for all clients. It keeps tracks of assigned leases by MAC Address. DNSMasq is the DHCP and DNS daemon.

All network traffic is passed through NAT rules for masquerading. All HTTP traffic (TCP port 80) is filtered through a transparent proxy, using an application layer chain of Squid2 and Privoxy.

All DNS traffic (UDP port 53) is filtered through DNSCrypt-proxy and encrypted using AES/SHA256 before being sent to or other configurable servers supporting this protocol.

In the future, traffic of all kinds may be transparently proxied for monitoring, filtering, and transformation by other applications loaded on the Dowse device.

All daemons are running as a unique non-privileged UID. The future plan is to separate them using a different UID for each daemon.


Installation and activation takes a few steps and needs root:

  1. Download dowse on a GNU/Linux box (we use Debian 7)

    git clone /usr/src/dowse

  2. Install ZSh, needed to run all scripts in Dowse: apt-get zsh then go into the dowse directory ( cd /usr/src/dowse in example)

  3. Run ./utils/ as root, it fires up some commands: apt-get, update-rc.d and invoke-rc.d to install dependencies like dnsmasq, privoxy and squid3

  4. Configure the files in the conf/ folder: settings and network The files are plain text and include documentation in comments.

  5. Launch the dowse script as root, using full path. In our example:

    /usr/src/dowse/dowse start

    Dowse will launch all daemons dropping root privileges and using the user configured (default user is proxy)

  6. Deactivate the DHCP service (Automatic IP configuration) on any other object on the network, typically your ADSL router.

If all went well now one should be able to connect any device to the internet as you did before, but now all the traffic is passing via Dowse's transparent proxy configuration, which weeds out adverts and takes care of browser's privacy.

To make sure that dowse is started at every boot, just add it to the /etc/rc.local file, in our example that would be the line:

/usr/src/dowse/dowse start


Dowse is Copyright (C) 2012-2014 by the Foundation

Dowse is written by Denis Roio

This source code is free software; you can redistribute it and/or
modify it under the terms of the GNU Public License as published
by the Free Software Foundation; either version 3 of the License,
or (at your option) any later version.

This source code is distributed in the hope that it will be
useful, but WITHOUT ANY WARRANTY; without even the implied
Please refer to the GNU Public License for more details.

You should have received a copy of the GNU Public License along
with this source code; if not, write to: Free Software Foundation,
Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
Something went wrong with that request. Please try again.