You might want to look into setting up Dansguardian (http://dansguardian.org/) or Smoothwall (http://www.smoothwall.org/). I used Dansguardian for filtering when I managed a wifi network several years ago (it was for Marines in Iraq... we had to filter porn and stuff) and it worked pretty well.
Edit: Forgot to add... I don't think using just iptables is going to let you redirect like you want. You'll need a proxy for that. Set up your Linux box as a transparent proxy with Squid (or configure your XP machines' proxy settings to point to your Linux box) and do content filtering there. Dansguardian isn't really necessary if all you want to do is simply block Facebook. You can just do that with Squid.
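As an added example (editor's code, not from the poster and not Smoothwall's or Squid's own files), here is the minimal version of the transparent-proxy setup described above: an iptables REDIRECT that sends LAN clients' port-80 traffic into a local Squid, and the Squid configuration fragment that blocks one domain. The interface name, LAN subnet and Squid port are assumptions; with DRY_RUN=1 (the default) the script prints the commands instead of running them.

```shell
#!/bin/sh
# Added example: transparent Squid interception for HTTP plus a dstdomain block.
# Interface, subnet and port are assumed values; adjust for your own box.
LAN_IF="${LAN_IF:-eth0}"              # assumed: interface facing the XP machines
LAN_NET="${LAN_NET:-192.168.1.0/24}"  # assumed: LAN subnet
SQUID_PORT="${SQUID_PORT:-3128}"      # assumed: Squid listens here on the firewall
DRY_RUN="${DRY_RUN:-1}"               # 1 = print the commands, 0 = run them as root

# ipt prints the iptables command in dry-run mode and executes it otherwise.
ipt() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

# Redirect LAN clients' outbound TCP/80 to the local Squid. Only port 80:
# redirecting 443 to a plain http_port breaks TLS instead of filtering it.
transparent_proxy_rules() {
    ipt -t nat -A PREROUTING -i "$LAN_IF" -s "$LAN_NET" -p tcp --dport 80 \
        -j REDIRECT --to-ports "$SQUID_PORT"
    # The firewall itself must accept the redirected packets on the Squid port.
    ipt -A INPUT -i "$LAN_IF" -s "$LAN_NET" -p tcp --dport "$SQUID_PORT" -j ACCEPT
}

# Squid fragment: intercept mode on the same port, a dstdomain ACL for the site
# (the leading dot matches the apex and every subdomain), and the deny placed
# before the allow so it wins. Argument: the domain to block.
squid_block_config() {
    blocked="$1"
    cat <<EOF
http_port $SQUID_PORT intercept
acl lan src $LAN_NET
acl blocked dstdomain $blocked
http_access deny blocked
http_access allow lan
http_access deny all
EOF
}

transparent_proxy_rules
squid_block_config .facebook.com
```

Intercepting HTTPS is a separate job: Squid can only filter 443 by URL with its ssl-bump setup and a CA the clients trust, otherwise you block the site at another layer (DNS or destination address). The `intercept` keyword is the Squid 3.1 and later spelling; older builds of the era this thread is from call it `transparent`.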
You can make any PC into a router with two network cards and something like SmoothWall. Wouldn't be hard to build a cheap and small box with an eSATA port and two cheap NICs or even onboard NICs.
We organize 300+ seat lanparties.
What hardware do you have, and why did you go for this hardware? We have around 15 Zyxel ES-2024 switches. They are okay machines. Gigabit uplink is important on these machines; the internal 100 Mb connection is okay. We also have a 16-port full-gigabit Zyxel switch (can't remember the model), which we use as the main switch.
How did you connect it? So basically we have one gigabit switch, and we connect all the rest of the switches to it through the gigabit uplink. One switch per table.
What kind of servers do you host? Old-as-fuck desktop running Smoothwall. It has firewall, DHCP, web interface. That's all we need. For tournaments, we have separate game servers, of course.
How many users do you support? We have capacity on our own for around 250 persons, I think. The rest of the equipment (last time we had 380 seats) we ask around for; e.g. Zyxel themselves were happy to lend the equipment to us in exchange for some publicity, that was great of them.
Do you offer wireless? Yep, we just put some cheap wireless router on it. We keep it public, so people who visit the lanparty can do whatever they want.
How do you tackle the general problem of supporting so many users on a relatively slow internet connection? Oh my. This is a hard one :) Pretty much our network guys are monitoring the internet traffic through Smoothwall, and when they see something suspicious, they go to the guy's place and ask what's going on. Mostly it's just guys who claim that "they forgot uTorrent was running" ;) We don't really block any ports, because we can't be sure what ports people use for gaming.
I have an old desktop with smoothwall installed.
It's been set to push/pull all Steam traffic through a US-based proxy.
I set it up ages ago and in all honesty, I suck at Linux, so you'll probably want to ask around on their forums for how-tos on such things.
Then you need to find a decent US upstream proxy.
Once that's done, Steam will think you're US-based and you can enjoy an American pricing scheme from the UK :)
Edit:
This doesn't affect latency in games because they use different ports and such, which are all connected locally.
I would recommend a dedicated firewall box if you're up to making one. You can use anything P3 or better with 128MB RAM or better.
Three that come to mind:
Yeah, that came from my router/firewall. I run Smoothwall; it is a Linux distro that was designed to be an open-source firewall. You can run it on really old hardware. Mine runs on a Dell with a P3 processor and ~300 MB of RAM, but I have been thinking of upgrading the machine. You can find details here - http://www.smoothwall.org/
Edit - You might want to see if your router can run DD-WRT. It will give you a more robust UI.
Program? nah..
You can use something like Smoothwall (http://www.smoothwall.org/about/) or m0n0wall etc. You will need an extra PC to set it up and you'll have a dedicated firewall with a simple web interface that runs Linux (so you can do more advanced stuff if interested).
You'll find a lot of tutorials online.
Yeah Smoothwall with the advanced proxy plugin would do this quickly, easily and for free.
You could have it up in about 30 mins, forward all 80 and 443 traffic through it, and by default it would do nothing but logging.
In the future if you need it you can also do authentication, white/blacklist, bandwidth control etc.
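Once the proxy is "doing nothing but logging", the useful part is reading those logs. This added example (editor's code, not the poster's, and the log lines are constructed, not captured from a real box) summarises Squid's native access.log format with awk: bytes per client, bytes per destination host, clients over a byte threshold, and the requests Squid refused. It is also the quick answer to the lanparty post's "find the guy who forgot uTorrent was running", at least for the HTTP share of his traffic, and to the later post about pinpointing what is really heading out to the net. The field positions assumed are Squid's default native format: timestamp, elapsed ms, client, result/status, bytes, method, URL, ident, hierarchy/peer, content type.

```shell
#!/bin/sh
# Added example: summarising Squid native-format access.log lines with awk.
# Field 3 = client IP, field 4 = result code, field 5 = bytes sent, field 7 = URL.

# Constructed sample lines (not from a real proxy); replace with: cat /var/log/squid/access.log
sample_log() {
    cat <<'EOF'
1262304000.123    120 192.168.1.10 TCP_MISS/200 4821 GET http://example.org/index.html - DIRECT/93.184.216.34 text/html
1262304001.456     80 192.168.1.11 TCP_MISS/200 1048576 GET http://example.net/big.iso - DIRECT/203.0.113.5 application/octet-stream
1262304002.789      5 192.168.1.10 TCP_DENIED/403 1920 GET http://www.facebook.com/ - NONE/- text/html
1262304003.012     60 192.168.1.12 TCP_HIT/200 2048 GET http://example.org/style.css - NONE/- text/css
1262304004.345     90 192.168.1.11 TCP_MISS/200 524288 GET http://example.net/part2.bin - DIRECT/203.0.113.5 application/octet-stream
EOF
}

# Bytes per client, largest first. Reads log lines on stdin.
top_talkers() {
    awk '{ bytes[$3] += $5 } END { for (c in bytes) printf "%d %s\n", bytes[c], c }' | sort -rn
}

# Clients whose total exceeds $1 bytes: the people worth walking over to.
over_threshold() {
    top_talkers | awk -v limit="$1" '$1 > limit { print $2 }'
}

# Bytes per destination host. The host is the third "/"-separated piece of the URL
# ("http:", "", "host"); anything that does not split that way is kept whole.
top_domains() {
    awk '{ n = split($7, u, "/"); host = (n >= 3) ? u[3] : $7; bytes[host] += $5 }
         END { for (h in bytes) printf "%d %s\n", bytes[h], h }' | sort -rn
}

# Requests Squid refused (an http_access deny), with the client that asked.
denied() {
    awk '$4 ~ /^TCP_DENIED/ { print $3, $7 }'
}

sample_log | top_talkers
sample_log | denied
```

Squid only sees what was redirected into it (port 80 here), so a BitTorrent client will not appear in this log at all; for that you still need the per-host traffic graphs on the firewall itself, which is what the lanparty crew were watching.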
Ah, my bad.
The firewall is an old recycled Dell workstation that I got for 15 bucks. I never really looked too closely at the specs, but it's 3.something GHz, 3-4 GB RAM with three NICs, and a 60 GB SATA hard drive - and it draws about 60-70 watts. That's all I could tell you about the hardware.
Software-wise, it's running Smoothwall 3.0. It's not really well documented, but it's pretty simple.
EDIT: Sorry, I didn't see the hardware question. I'm not 100% sure, it's an old box from work. It's some type of generic Dell workstation with a 3-something GHz processor and 3 or 4 gigs of RAM - way overkill for a simple home firewall, but it's what I had lying around (and it's a billion times better than the Linksys 'routers').
The easiest non-tech way to do what you are doing? Upgrade your router: D-Link DGL-4100. There is a QoS and bandwidth throttling option in it. Short of making your own domain, or proxy server and imposing limits... this might be the easiest option. Caveat: RESEARCH the specs on the router before you buy, to make sure it's what you want. Don't just take my word for it. EDIT 1: I found this based on someone else's review online. Just about any router nowadays supports some type of QoS. The way these work, though, depends on the total amount of traffic on your network. If it's only happening while you are gone, then it might not do a lick of good regardless.
EDIT 2: Quality of Service Control
• Supports the DiffServ approach
• Traffic prioritization and bandwidth management based on IP protocol, port number and address
These are for the router you listed. Set static IPs for everyone and limit the bandwidth that way. It's a start at least. Otherwise... set up a Smoothwall box: http://www.smoothwall.org/
Good luck!
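What "set static IPs for everyone and limit the bandwidth that way" looks like on a Smoothwall-type Linux box rather than a consumer router, as an added example (editor's code, not the poster's and not the DGL-4100's feature): an HTB shaper on the LAN-facing interface with one class per static address and a shared default class for everyone else. The interface name, rates and addresses are assumptions, and DRY_RUN=1 (the default) prints the tc commands instead of applying them.

```shell
#!/bin/sh
# Added example: per-host download caps with tc/HTB, keyed on static LAN addresses.
LAN_IF="${LAN_IF:-eth0}"            # assumed: interface facing the LAN
TOTAL_RATE="${TOTAL_RATE:-8mbit}"   # assumed: the real downstream speed of the line
DRY_RUN="${DRY_RUN:-1}"             # 1 = print the commands, 0 = run them as root

run() {
    if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi
}

# Root HTB qdisc on the LAN interface. Packets leaving this interface are what the
# hosts download, so shaping here caps download per host. Class 1:1 holds the whole
# line; class 1:30 is the default for anyone without a class of their own.
shape_lan() {
    run tc qdisc add dev "$LAN_IF" root handle 1: htb default 30
    run tc class add dev "$LAN_IF" parent 1: classid 1:1 htb rate "$TOTAL_RATE" ceil "$TOTAL_RATE"
    run tc class add dev "$LAN_IF" parent 1:1 classid 1:30 htb rate 1mbit ceil "$TOTAL_RATE"
}

# Give one host (by static IP) its own class: guaranteed rate $3, allowed to borrow
# up to ceil $4 when the line is idle. Arguments: minor class id, ip, rate, ceil.
limit_host() {
    run tc class add dev "$LAN_IF" parent 1:1 classid "1:$1" htb rate "$3" ceil "$4"
    run tc filter add dev "$LAN_IF" parent 1: protocol ip prio 1 u32 \
        match ip dst "$2" flowid "1:$1"
}

shape_lan
limit_host 10 192.168.1.10 512kbit 1mbit    # the roommate's machine (assumed address)
limit_host 11 192.168.1.11 2mbit 4mbit      # your own machine (assumed address)
```

This only shapes what hosts download. Upload limits need the same structure on the WAN interface with `match ip src`, and re-running the script on a live box needs a `tc qdisc del dev $LAN_IF root` first. The poster's warning still applies: if the problem traffic only happens while you are gone, a cap at least stops one host from taking the whole line, but it will not tell you who it was; the firewall's traffic graphs do that.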
1) Find an old PC with two network cards, 30 GB HDD, 1 GB of memory and some processing speed (faster processor, faster firewall)
2) Install and configure Smoothwall
3) Speak to some people on their forum and find out about configuring the routing table to forward specific ports to an upstream proxy server (or rent a VM from an American provider and create your own with Squid)
3a) Find an upstream proxy in the country of your choice
4) Find out what ports Steam uses to connect (not to run games or multiplayer parts, just to connect to the account server)
5) Forward those ports to your upstream proxy server.
6) marvel at science
I suck at Linux and I managed to work out how to do it a year and some ago with a lot of asking, reading and researching.
It's also fun :)
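One way to do steps 3 to 5 above (and what the earlier "push/pull all Steam traffic through a US-based proxy" post describes), as an added example that is editor's code, not either poster's: plain DNAT of a port to a forwarding proxy does not work for arbitrary TCP, because a proxy such as Squid expects proxy-style requests unless it is itself set up to intercept, so this uses mark-based policy routing instead. Packets from the LAN to the chosen ports are marked and routed out a tunnel (assumed: tun0, terminating on the VM you rented in the country of your choice) while everything else, game traffic included, keeps the normal default route. STEAM_PORTS is deliberately a placeholder: as step 4 says, look up the ports the client uses to reach the account servers before running this for real. DRY_RUN=1 (the default) prints the commands.

```shell
#!/bin/sh
# Added example: route only selected destination ports through a tunnel to another
# country, using fwmark + a second routing table. Names and values are assumptions.
LAN_IF="${LAN_IF:-eth0}"                     # assumed: interface facing the LAN
LAN_NET="${LAN_NET:-192.168.1.0/24}"         # assumed: LAN subnet
TUN_IF="${TUN_IF:-tun0}"                     # assumed: tunnel to the foreign VM
STEAM_PORTS="${STEAM_PORTS:-PORT1,PORT2}"    # placeholder: fill in from step 4
MARK=1                                       # fwmark value for "send via tunnel"
TABLE=100                                    # routing table whose default is the tunnel
DRY_RUN="${DRY_RUN:-1}"                      # 1 = print the commands, 0 = run as root

run() { if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi; }

# Mark TCP from the LAN to the listed ports, give marked packets their own routing
# table whose only default route is the tunnel, and NAT them to the tunnel address
# so replies come back the same way. Unmarked traffic never consults table 100.
steam_policy_routing() {
    run iptables -t mangle -A PREROUTING -i "$LAN_IF" -s "$LAN_NET" -p tcp \
        -m multiport --dports "$STEAM_PORTS" -j MARK --set-mark "$MARK"
    run ip rule add fwmark "$MARK" table "$TABLE"
    run ip route add default dev "$TUN_IF" table "$TABLE"
    run iptables -t nat -A POSTROUTING -o "$TUN_IF" -s "$LAN_NET" -j MASQUERADE
    # Replies arrive on the tunnel although the main table would route the peer via
    # the WAN; strict reverse-path filtering would drop them, so use loose mode.
    run sysctl -w net.ipv4.conf."$TUN_IF".rp_filter=2
}

steam_policy_routing
```

The "forward those ports" wording in the steps maps onto the MARK rule: only the listed ports go abroad, which is also why the earlier poster sees no change in game latency. If the far end really is an HTTP proxy rather than a tunnel endpoint, the equivalent is the transparent Squid setup shown earlier in the thread with that proxy configured as Squid's `cache_peer` parent.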
Get your employer to pay for a Cisco Explorer course leading up to an external CCNA exam. A local college should hopefully offer this, where you can attend one evening a week after work. This is where I started; I am on the last module of the 4 involved. Fantastic way to learn general networking (with some Cisco-specific stuff). You could self-study, but studying in a class with other students keeps one's motivation high and you can learn from and help each other.
You will get to build virtual networks with Packet Tracer but get some real kit experience. In parallel with this, get a home network up and running and buy some cheap switches and routers from eBay. Start with a fun project like building a webserver, mailserver, fileserver, DNS... then start playing with an open-source router/firewall like Smoothwall (http://www.smoothwall.org) or pfSense (http://www.pfsense.org/).
You could set up a firewall which all your computers connect through before going out to the internet. That'll allow you to pinpoint what type of traffic is really heading out to the net.
Check out http://www.smoothwall.org/ that should do the trick.
I've used the full version of Smoothwall on standalone devices before. It will allow you to inspect each packet of data, provided you configure it correctly.
It will help you track down what the bandwidth actually is.
If you have 70+ devices on your network, you're gonna want something a little more robust than a single Windows PC broadcasting an ad hoc wireless network...
But I know what you mean, I despise most consumer routers because they're usually garbage. I love my UniFi AP paired up with my Smoothwall box. The only problems I have are caused by power outages, and it scales extremely well.
Smoothwall is another good "PC into router" distro that may serve you better than a general purpose one like Debian. Smoothwall is actually Linux too, not BSD. Shouldn't matter too much but wanted to point that out. You can also configure the whole thing from your laptop using a web browser.
We went through this 3 years ago with our Sonicwall. The FW's CPU was pinned all the time.
We had several HP P4s laying around so we threw SmoothWall on both and configged them the same. If one P4 dies, drop the backup online and dig up another unused P4..repeat.
Never looked back.
Do you even understand what a firewall does? Your router is already acting as a sorta hardware firewall simply by doing NAT. You're not going to allow any external initiated connections inbound to services unless you specifically allow them in port forwarding.
The computers on your network will have full outbound access, sure, but most people typically don't need to restrict port usage for a home environment. The fact you're asking these questions tells me you don't need to either.
The firewall you set up would just be a waste imo. Unless you really want to delve into sniffing network traffic using Snort for fun or something, it just doesn't make much sense. Check out http://www.smoothwall.org/ if you care enough to start configuring a box.
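The "your router is already a sort of firewall because it does NAT" point, made explicit. This is an added example (editor's ruleset, not the poster's and not Smoothwall's generated rules) with assumed interface names and subnet: the part that stops unsolicited inbound connections is the DROP policy on INPUT and FORWARD together with the conntrack rule that admits only packets belonging to flows the inside opened; the MASQUERADE rule by itself drops nothing. A port forward is the deliberate exception and needs both the DNAT and a matching FORWARD accept. DRY_RUN=1 (the default) prints the commands.

```shell
#!/bin/sh
# Added example: the stateful NAT gateway ruleset a home router applies implicitly.
WAN_IF="${WAN_IF:-eth1}"               # assumed: interface holding the ISP address
LAN_IF="${LAN_IF:-eth0}"               # assumed: interface facing the home network
LAN_NET="${LAN_NET:-192.168.1.0/24}"   # assumed: home subnet
DRY_RUN="${DRY_RUN:-1}"                # 1 = print the commands, 0 = run them as root

run() { if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi; }

# Baseline: drop what is not explicitly allowed, admit replies to connections the
# inside started, let the LAN out, and hide the LAN behind the WAN address.
base_firewall() {
    run iptables -P INPUT DROP
    run iptables -P FORWARD DROP
    run iptables -P OUTPUT ACCEPT
    run iptables -A INPUT -i lo -j ACCEPT
    # conntrack is what makes "NAT blocks inbound" true: only packets that belong
    # to (or are related to) a flow opened from inside get back through.
    run iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Management (web UI, ssh) reachable from the LAN side only.
    run iptables -A INPUT -i "$LAN_IF" -s "$LAN_NET" -j ACCEPT
    # New connections are allowed LAN -> WAN; nothing allows WAN -> LAN.
    run iptables -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -j ACCEPT
    run iptables -t nat -A POSTROUTING -o "$WAN_IF" -s "$LAN_NET" -j MASQUERADE
}

# A port forward is the one deliberate hole: DNAT rewrites the destination, and a
# FORWARD rule must accept the rewritten packet or the DROP policy eats it.
# Arguments: protocol, port, internal address.
port_forward() {
    run iptables -t nat -A PREROUTING -i "$WAN_IF" -p "$1" --dport "$2" \
        -j DNAT --to-destination "$3:$2"
    run iptables -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -p "$1" -d "$3" --dport "$2" \
        -m conntrack --ctstate NEW -j ACCEPT
}

base_firewall
port_forward tcp 22 192.168.1.50   # example: ssh to one LAN host (assumed address)
```

On kernels of the Smoothwall 3.0 era the same match is spelled `-m state --state ESTABLISHED,RELATED`; the logic is identical. What a dedicated box adds over the consumer router is not this ruleset but the logging, per-host graphs and IDS the other posts mention, which is exactly the "only if you want to look at the traffic" conclusion above.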
If you're willing to pay money for piracy, look into UseNet. Learn to pirate better. That or just stick to private trackers of small communities. No one really gives a fuck about you stealing music or movies. At worst you'll get sued and have to settle for a few thousand from some bullshit law firm.
>What are you doing in regards to Google watching essentially your every move?
I don't wear tinfoil hats.
You can install a router OS like Smoothwall on a box. It has web caching along with lots of other functions. Great bandwidth graphs, VPN, etc. Really funny thing I liked when I had roommates was setting up the IM logger so you can read all their craziness.
I run a small file / print server on one box. I also use this as a torrent box with rtorrent. I can SCP a torrent file to a directory on this machine and it will start downloading automatically.
On another box I installed 3 NICs and turned it into a custom firewall using software from http://www.smoothwall.org/. Works like a dream.
Since you have an extra server you might want to check out Smoothwall.
Lots of features in one handy install: iptables, Snort, Squid proxy, plus a pretty well polished web interface.
There's a very large community and custom packages built by users. MRTG add-on for example.
I don't need this computer. But just giving some suggestion of what this computer can also be used for. You can install another network card or two. Install Smoothwall; it's a router/firewall/gateway/IDS/proxy device. Have one network card that goes out to your wireless network to help protect it so people can get back to the rest of your computers, aka public network. Then have a private network. The web proxy has a built-in web cache that works really nice. IM logging so you can read all IMs on your network. Lots of other fun things. That's what I am using my Dell Dimension 2400 for.