Network Description

This tutorial is based on the excellent article The Ars guide to building a Linux router from scratch available at

From now on we will assume you have already gone through all the steps of the Ars guide to build your own router on Ubuntu 16. You would like to add web filtering of HTTP and HTTPS traffic to the mix. This needs to be implemented by a separate proxy box, utilizing policy based routing to re-route web traffic to Squid proxy and Web Safety ICAP web filter for actual web filtering and site categorization.

We will run this tutorial within VMWare Workstation 14. Our gateway machine, just like in arstechnica’s article, will be based on Ubuntu 16. Our network will accomodate addresses from subnet with network mask set to All workstations in our network will have IP address of our router set as default gateway. Our router will have two network interface cards (NIC) with the following parameters:

  1. ens32 - network card facing public Internet with address assinged by DHCP of Internet Service Provider.
  2. ens33 - network card facing our private LAN with address statically set to, netmask

The following screenshot shows results of ip addr command run on our router.