This tutorial is based on the excellent article The Ars guide to building a Linux router from scratch available at https://arstechnica.com/gadgets/2016/04/the-ars-guide-to-building-a-linux-router-from-scratch. Please note in the tutorial we use Debian 10 as the router and original article uses Ubuntu 16. Differences are minimal though.
From now on we will assume you have already gone through all the steps of the Ars guide to build your own router on Debian 10. You would like to add web filtering of HTTP and HTTPS traffic to the mix. This needs to be implemented by a separate proxy box, utilizing policy based routing to re-route web traffic to Squid proxy and Web Safety ICAP web filter for actual web filtering and site categorization.
Our gateway machine will be based on Debian 10. Our network will accomodate addresses from 10.0.0.0 subnet with network mask set to 255.255.255.0. All workstations in our network will have IP address of our router 10.0.0.1 set as default gateway. Our router will have two network interface cards (NIC) with the following parameters:
- ens32 - network card facing public Internet with address assinged by DHCP of Internet Service Provider.
- ens33 - network card facing our private LAN with address statically set to 10.0.0.1, netmask 255.255.255.0
The following screenshot shows results of ip addr command run on our router.
Contents of the
/etc/network/interfaces file are shown below.