After talking to Nathan about it this morning, I realized that I forgot to mention here about my new network configuration at home. Once I finished the closet, I reconfigured the network so that I’m now using a Linux box connected directly to the cable modem, and then all the other routers (for the other network segments), etc. connected to the Linux box.
This allows me to do a couple things much better than I could do before. One is that I now have a “true”, fully featured firewall that all communications to the outside go through, rather than the very limited firewall software that comes with most home routers. Using the Linux box allows for much more advanced routing functionality and firewall rules, in both directions (which is important for the next part).
The second advantage (and the main reason I did it) is so that I can force any outgoing traffic to go through a proxy server (which I also set up - squid). Aside from the other benefits caching provides, I have attached a content filter to the proxy which will block any stuff that I don’t want getting through to the computer that the kids use, based on a very flexible and customizable set of filtering functionality.
Now that I have the process down pretty well, I am thinking of offering to do it for schools, etc. who want internet access. But that would assume that I had spare time on my hands…
2 Comments
Have you checked out smoothwall?
How are you configuring squid? 3rd party?
At home I have Linux on Linksys but I have no need to do anything you have done except a proxy which I could do on the router. Pretty cool though, I’m considering the same thing here in the Library at work.
Ya, smoothwall is good (although it’s kind of “plesk”-ish, but oh well). I am using that (with some modifications to different parts, mostly to allow more detailed control of the firewall rules) for the management piece.
I don’t like their default installation of squid though, so I did that from scratch. Then on top of squid I’m running the Dan’s Guardian content filter (which I think is made by the same people as smoothwall). I will probably move the proxy server & content filter to a different box, for performance though.