Part two of my series of articles detailing some of the more useful features of DIY Linux Routers (also see Exploring QoS for Home Routers) is going to focus on content filtering and controlling traffic on your network. In this article, I'll be using ClearOS, formerly ClarkConnect, to explain and display the features associated with content filtering traffic and users on your network. I do this not only because I like to show off various distributions of Linux routers so that people have many choices, but also because I just discovered ClearOS and it's looking like a really, really good Linux router.
Web Proxy
The first thing we're going to look at is the web proxy, because all of the other more advanced content features rely on it in order to function. The web proxy essentially takes all HTTP, FTP, and a few other protocols' traffic, caches it, and tracks it.
When the web proxy caches traffic, it stores that data locally on the router. Until that data is overwritten, the router serves it directly to any local machine that requests it from a website. In other words, it will cache certain aspects of websites or any small files you download so that you don't have to download them again. This not only saves bandwidth, but also speeds up web browsing.
Most web proxy settings will look similar to the picture to the right because most of them use Squid-Cache. You specify your maximum cache size, maximum object size, and on ClearOS, you can specify a maximum download size. So for example, if you don't want anyone downloading a file larger than 2GB on your network, you can block that by setting it as such.
Once the cache reaches its maximum size, it starts to overwrite its own old data. So for example, if you watched 10 YouTube videos that equaled 500MB, and you then downloaded a 500MB file, those videos would no longer be available in the cache. The maximum object size is the largest file size that will be cached. Anything over that limit will not be stored locally on the router.
If you want to take absolute advantage of the web proxy, I would suggest buying a sub-$100 SSD and installing the entire OS on it. You can buy a 30GB one for around $60 or a 60GB one for close to $100. Using an SSD will not only give you super-fast read/write speeds, but will also give you those equally fast sub-1ms access times that will really make the difference when being used to retrieve stored objects from the cache.
There are two modes that you can use to enable the web proxy. One is called transparent mode and the other is user authentication mode. Transparent mode is the simplest to set up and maintain because all you need to do is enable it and all local machines will be cached and logged. The downside to this is that transparent mode will not cache or log HTTPS sessions.
The other, user authentication mode, requires usernames and passwords to be entered before any web browsing can occur. The disadvantage is that it makes things a little more complicated for the users on your network, but the advantages are that all traffic, including HTTPS, will flow through the web proxy and you can maintain more control over the users on your network using access control and content filtering options.
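The cache limits and the two proxy modes described in this section, written as the Squid directives they correspond to. This is an added illustration in Squid 3-style syntax, not ClearOS's generated configuration; the sizes, ports, subnet, helper path and password file are assumptions and vary by Squid version and distribution.

```conf
# --- Cache limits (constructed values) ---
# Largest object that will be stored; anything bigger is passed through
# uncached. Listed before cache_dir, which takes it as its default
# per-object limit.
maximum_object_size 512 MB

# On-disk cache: 20000 MB under /var/spool/squid. The 16 and 256 are the
# first- and second-level directory counts.
cache_dir ufs /var/spool/squid 20000 16 256

# When the cache is full, the least recently used objects are evicted
# first (this is Squid's default policy).
cache_replacement_policy lru

# Refuse any reply whose body is larger than this: the "maximum download
# size" setting.
reply_body_max_size 2 GB

# --- Option 1: transparent mode (commented out; enable one option only) ---
# The firewall redirects outbound port 80 to this port, so clients need no
# settings. Only plain HTTP is redirected; HTTPS bypasses the proxy and is
# neither cached nor logged. Older Squid releases spell the option
# "transparent" instead of "intercept".
# http_port 3129 intercept
# acl localnet src 192.168.1.0/24
# http_access allow localnet
# http_access deny all

# --- Option 2: user authentication mode ---
# Browsers are configured to use this port and must log in. HTTPS requests
# arrive as CONNECT tunnels, so the destination host and port are logged
# and can be matched by access rules; the encrypted content is not cached.
http_port 3128
auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwd
auth_param basic realm Home proxy
acl authenticated proxy_auth REQUIRED

# http_access rules are evaluated top to bottom; the first match decides.
http_access allow authenticated
http_access deny all
```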
Content Filter
The content filter is a nice piece of kit if you have kids or employees that you don't want visiting certain websites. You can run the content filter without any users defined, but the disadvantage to that is that the entire network will have to abide by the rules you set in the content filter. By requiring usernames and passwords, you can create groups and specify what each group is allowed/not allowed to do. For example, see the Kids group in the screenshot to the right.
If I were to have any users specified on this machine, they would be visible in the users box, and you would be able to select which ones you want to belong to the Kids group. The default options are usually good for most users. You can also specify banned extension lists. Don't want the kids downloading .EXEs? Specify so under the extension/MIME options.
More usefully, you can specify what types of sites you want blocked based on blacklists with millions of sites categorized automatically for you. All that is needed is to specify the categories of sites you want blocked under the Blacklists menu. Below is just a small portion of the number of categories you can specify. These block lists are also constantly updated automatically for you, so as new sites spring up, they will be added to the lists.
You can also specify specific sites that you want blocked under Site Lists.
Access Control
Access control limits access to the web during specified periods for specified users, IP addresses, or MAC addresses. The first thing you must do is define a time period. Continuing with the concerned parent theme, let's assume that you want to block access to the web during Homework Time from 3:00PM to 5:00PM. Just create a name, select the days and time, then save it.
After that, you can go to the Add Access Control page and configure the appropriate options. If you're using usernames and passwords, it is as simple as selecting them from the list. If you are not, you can use IP addresses if you have static DHCP leases; without static DHCP leases, you can instead specify the MAC addresses of the machines you want to block. Here I am using IP addresses for simplicity.
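The Homework Time rule above expressed as Squid ACLs, with the three ways of identifying a user or machine side by side. This is an added illustration, not ClearOS's generated configuration; the ACL names, weekday selection, addresses, MAC address and usernames are constructed.

```conf
# Time period. Day letters: S=Sun M=Mon T=Tue W=Wed H=Thu F=Fri A=Sat.
# Times are 24-hour and use the router's local clock, so the rule is only
# as accurate as the router's time and timezone settings.
acl homework_time time MTWHF 15:00-17:00

# Who the rule applies to. Define the one that matches your setup.
# 1) By username (requires user authentication mode).
acl kids_user proxy_auth alice bob
# 2) By IP address (only reliable when the machines have static DHCP
#    leases, otherwise the address can change under the rule).
acl kids_ip src 192.168.1.50 192.168.1.51
# 3) By MAC address (Squid must be built with ARP/EUI ACL support, and the
#    client must be on the same network segment as the router).
acl kids_mac arp 00:11:22:33:44:55

# ACLs named on the same http_access line are ANDed: this denies the
# listed IP addresses only while the time period is active.
# To key the rule on users or MACs instead, swap kids_ip for kids_user
# or kids_mac.
http_access deny kids_ip homework_time

# Rules are checked in order and the first match decides, so the deny
# above must come before this broader allow or it is never reached.
acl localnet src 192.168.1.0/24
http_access allow localnet
http_access deny all
```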
That about sums up the content filtering options. Most of these things are available on the more feature-rich Linux router distributions.