This tutorial is based on the excellent article The Ars guide to building a Linux router from scratch available at https://arstechnica.com/gadgets/2016/04/the-ars-guide-to-building-a-linux-router-from-scratch. Please consider this tutorial only as a proof-of-concept. Consult your network administrator before putting it into real production. Please note in the tutorial we use Debian 10 and original article uses Ubuntu 16. Differences are minimal though.
From now on we will assume you already gone through all the steps of the Ars guide to build your own router on Debian 10. You would like to add web filtering of HTTP and HTTPS traffic to the mix. This will be implemented by using Squid proxy for transparent interception of traffic and Web Safety ICAP server for actual web filtering.
Our gateway machine is based on Debian 10. Our network will accomodate addresses from 10.0.0.0 subnet with network mask set to 255.255.255.0. All workstations in our network will have 10.0.0.1 set as default gateway. Our gateway will have two network interface cards (NIC) with the following parameters:
- ens32 - network card facing public Internet with address assinged by DHCP of Internet Service Provider
- ens33 - network card facing our private lan with address statically set to 10.0.0.1, netmask 255.255.255.0
The following screenshot shows results of ip addr command run on our gateway.
Contents of the
/etc/network/interfaces file are shown below.