This tutorial is based on the excellent article "The Ars guide to building a Linux router from scratch", available at https://arstechnica.com/gadgets/2016/04/the-ars-guide-to-building-a-linux-router-from-scratch. Please consider this tutorial only as a proof of concept. Consult your network administrator before putting it into production.
From now on we will assume you have already gone through all the steps of the Ars guide to build your own router on Ubuntu 16, and that you would now like to add web filtering of HTTP and HTTPS traffic to the mix. This will be implemented by using the Squid proxy for transparent interception of traffic and the Web Safety ICAP server for the actual web filtering.
We will run this tutorial within VMware Workstation 12. Our gateway machine will be based on Ubuntu 16. Our network will accommodate addresses from the 10.0.0.0 subnet with the network mask set to 255.255.0.0. All workstations in our network will have 10.0.0.1 set as the default gateway. Our gateway will have two network interface cards (NICs) with the following parameters:
- ens32 - network card facing the public Internet, with its address assigned by the DHCP of the Internet Service Provider.
- ens33 - network card facing our private LAN, with its address statically set to 10.0.0.1, netmask 255.255.0.0.
The following screenshot shows the results of the ip addr command run on our gateway.
Contents of the /etc/network/interfaces file are shown below.

    # This file describes the network interfaces available on your system
    # and how to activate them. For more information, see interfaces(5).

    source /etc/network/interfaces.d/*

    # The loopback network interface
    auto lo
    iface lo inet loopback

    # this is the WAN interface
    auto ens32
    iface ens32 inet dhcp

    # this is the LAN interface
    auto ens33
    iface ens33 inet static
        address 10.0.0.1
        netmask 255.255.0.0
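Because transparent interception depends on the WAN/LAN layout described above, it is worth checking the interfaces file against it before going further. The following is an added example, not part of the original tutorial or its script archive: a small Python check that parses interfaces(5) syntax and reports mismatches. The function names and the embedded sample are constructed for illustration.

```python
import ipaddress

# Constructed sample: mirrors the interfaces file shown above.
SAMPLE = """\
source /etc/network/interfaces.d/*
auto lo
iface lo inet loopback
# this is the WAN interface
auto ens32
iface ens32 inet dhcp
# this is the LAN interface
auto ens33
iface ens33 inet static
    address 10.0.0.1
    netmask 255.255.0.0
"""

def parse_interfaces(text):
    """Map each iface name to its method and options (interfaces(5) syntax)."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):   # comments are whole lines
            continue
        if words[0] == "iface" and len(words) >= 4:
            current = stanzas[words[1]] = {"method": words[3]}
        elif words[0] in ("auto", "mapping") or words[0].startswith(("allow-", "source")):
            current = None                           # stanza boundary
        elif current is not None and len(words) >= 2:
            current[words[0]] = " ".join(words[1:])
    return stanzas

def check_gateway(text, wan="ens32", lan="ens33", expected="10.0.0.1/255.255.0.0"):
    """Return a list of mismatches against the layout this tutorial assumes."""
    cfg, problems = parse_interfaces(text), []
    if cfg.get(wan, {}).get("method") != "dhcp":
        problems.append(f"{wan}: expected 'inet dhcp'")
    lan_cfg = cfg.get(lan, {})
    if lan_cfg.get("method") != "static":
        problems.append(f"{lan}: expected 'inet static'")
    addr = lan_cfg.get("address", "")
    spec = addr if "/" in addr else f"{addr}/{lan_cfg.get('netmask', '')}"
    try:
        actual = ipaddress.ip_interface(spec)
    except ValueError:
        return problems + [f"{lan}: missing or invalid address/netmask"]
    want = ipaddress.ip_interface(expected)
    if actual != want:
        problems.append(f"{lan}: is {actual}, expected {want}")
    return problems
```

On the gateway, pass the text of /etc/network/interfaces to check_gateway; an empty list means the file matches the layout assumed here.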
Before we begin, please download the archive with all scripts mentioned in this article and upload/unpack it into your home folder on the gateway. Contents of each script will be shown in the appropriate places in this tutorial. The scripts can also be downloaded from our GitHub repository at https://github.com/diladele/websafety-virtual-appliance/tree/master/scripts.ubuntu16.intercept.