Most firewalls in the consumer world are either bought at Best Buy or supplied by your ISP as an all-in-one network device. These devices, such as the Linksys WRT54GL, are good enough for most users’ home setups: they provide wireless and wired network access with built-in firewall security, blocking most inbound network threats and other unwanted requests that are not pre-established (i.e. not part of the return path of an outbound request). Some of these consumer routers can be further enhanced with a rich set of plugins and network tools by using custom firmware. DD-WRT, Tomato, and OpenWrt are all independent communities that develop custom firmware for these consumer all-in-one routers. You can check your device’s compatibility with their firmware at each of their websites.
I for one own a Linksys WRT54GL router and have used both DD-WRT and Tomato. Both of these custom firmwares, as well as the stock firmware (Linksys), provide enough security, accessibility, and capacity for a typical consumer. However, that’s not what this article is about! This article is about how to set up your own network firewall using a standalone Linux box! Woot!
Why build a standalone Network Firewall?
If you have had experience with NAT on Cisco routers or read about it in your CCNA studies, you will know there are 3 Network Address Translation (NAT) types. Technically, two, see here, plus a third special case.
- Static NAT, one-to-one mapping
- Dynamic NAT, pool-to-pool mapping
- Dynamic NAT with PAT Overload, many-to-one mapping
So as you can see, the two types are Static NAT and Dynamic NAT, with the special case of Dynamic NAT with PAT Overload.
I originally discovered Adblock Plus when I first downloaded Firefox many years ago. Since then I’ve installed the Adblock plugin right after Firefox, etc. It’s become so standard that I almost think Firefox should just bundle them together, including it in its default install exe.
Adblock Plus works as if it were a local content policy, filtering each request you make with Firefox. Each URL, each domain, each link you navigate to is checked against a static blacklist of expressions and URLs. If a match is found, Adblock Plus simply discards the content instead of rendering it. Discarding content or allowing it to load is managed by the Content Policy engine within Firefox; Adblock Plus simply uses this engine to block the unwanted content. Or at least this is my comprehension of how it works. :-p
Setting up your own Network wide Adblocker
The purpose of this guide and tutorial is to instruct you on how to set up your own network-based adblocker. The expectation after completion is that every client browser on the network will benefit from adblocking. I will include as much as possible; feel free to ping me with questions or comment down below.
You will need:
- Computer that will be running the Web Proxy. (For this article, see specs below)
- OS that will host the Proxy Software. (For this article, Ubuntu 12.04 32-bit Server)
- Proxy software that allows rewrite engines/programs. (squidGuard)
- Content-Control-Software or URL Redirect Application (This will consume your blacklists)
- URL and RegExp Blacklists consumable by your Content-Control-Software (Here are some free ones)
- Optional: iptables for transparent proxy redirection
- Patience and enthusiasm :-p
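
The blacklist check described above (each requested URL tested against domain, URL and expression lists before it is allowed to load), as an added example that is not part of the original article and is not squidGuard or Adblock Plus code. The list contents and function names are constructed for illustration, and it assumes that a domain entry also covers its subdomains and that a URL entry covers everything beneath it.

```python
import re
from urllib.parse import urlsplit

# Constructed sample blacklists in the three forms the guide mentions:
# domains, URLs (host/path), and regular expressions.
BLOCKED_DOMAINS = {"ads.example.net", "tracker.example.org"}
BLOCKED_URLS = {"cdn.example.com/banners"}
BLOCKED_EXPRESSIONS = [re.compile(p, re.I) for p in (
    r"/(ads?|banners?)/.*\.(gif|jpe?g|png|js)$",
    r"[?&]adunit=",
)]

def domain_blocked(host):
    """True if host or any parent domain is listed (matched on label boundaries)."""
    labels = host.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in BLOCKED_DOMAINS
               for i in range(len(labels)))

def url_blocked(host, path):
    """True if host+path equals a listed URL or sits beneath it."""
    target = (host.lower().rstrip(".") + path).rstrip("/")
    return any(target == u or target.startswith(u + "/") for u in BLOCKED_URLS)

def check(url):
    """Return (verdict, reason) for one requested URL."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    if domain_blocked(host):
        return ("block", "domain")
    if url_blocked(host, parts.path):
        return ("block", "url")
    tail = parts.path + ("?" + parts.query if parts.query else "")
    if any(rx.search(tail) for rx in BLOCKED_EXPRESSIONS):
        return ("block", "expression")
    return ("allow", None)

if __name__ == "__main__":
    for u in (
        "http://img.ads.example.net/x.gif",             # subdomain of a listed domain
        "http://notads.example.net/index.html",         # similar name, not a subdomain
        "http://cdn.example.com/banners/top.png",       # beneath a listed URL
        "http://cdn.example.com/banners-info.html",     # shares a prefix only
        "http://news.example.com/story?id=7&adunit=3",  # query-string expression
        "http://news.example.com/uploads/photo.jpg",    # "ads/" inside another word
    ):
        print(check(u), u)
```

The allowed cases are the ones naive substring matching would block by mistake, which is why the domain and URL checks compare on label and path boundaries.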