Filtering certain traffic by using a server between modem and router.

confusedtechguy

Apr 6, 2010
Hi Everyone,

Here is the physical setup I would like to set up:
Modem -- server -- router -- rest of network

If I bridge the network connection between the router and server, can I block certain traffic (such as ads, for example) from the server itself by modifying the hosts file? (Running Server 2012)

In addition, this server also serves music, videos, and files to a certain number of users (the hardware is very capable, so it wouldn't be a bottleneck). Would I be able to get to this server from the rest of the network (those being hosted by the router)?

Notes: router is gigabit. Server has 2 gigabit adapters. Modem has fast ethernet. Router does not have ability to block anything.

Thanks in advance!
 
Not really; the host file only overrides DNS on the server itself. The other machines would be using a real DNS server, or I guess if you put one on your server maybe you could do something.

What you really want is a firewall. I am sure there is software to make your server run as a firewall, but like most things Microsoft they cost money. Maybe someone else knows a free firewall that will run. I am not referring to the type of firewall that protects an end machine; I mean a real firewall that can filter traffic.

There are prebuilt images of Ubuntu that have all the firewalls and just about every other security tool you can think of preinstalled on a bootable image. You of course can add any other software you want since it is a standard Ubuntu build for the OS itself.

You might be able to run 2 virtual machines, one with the server and one with the firewall. This type of question may be better asked of a server guy since my knowledge is networks.

It may be easiest though to load dd-wrt on your router or buy a mid-priced router that you can load dd-wrt on. dd-wrt of course will never have all the features a true firewall can, but it does have a lot of filtering ability.

If your goal is to just filter ads and you are the main user (i.e. you are not trying to prevent yourself from going to someplace), you may want to try OpenDNS instead. Many routers support that.
 
Solution
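The answer above notes that a hosts file only affects the machine it sits on, while a DNS server on that box could filter for the other machines. As an added example (not part of the original thread), this converts a hosts-format blocklist into resolver rules that apply to every client pointed at that resolver. dnsmasq as the LAN resolver, its `address=/domain/ip` rule format as the output, the sample list and all function names are assumptions of the example.

```python
import re

# Constructed sample in hosts-file format (not a real blocklist).
SAMPLE_HOSTS = """\
# ad servers
0.0.0.0 ads.example.com
127.0.0.1   Tracker.Example.NET  # inline comment
0.0.0.0 ads.example.com
127.0.0.1 localhost
0.0.0.0 cdn.ads.example.com
0.0.0.0 bad_host!.example
192.168.1.10 fileserver.lan
"""
SINK_ADDRS = {"0.0.0.0", "127.0.0.1", "::", "::1"}
SKIP_NAMES = {"localhost.localdomain"}
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

def parse_hosts(text):
    """Return the set of names a hosts-format list maps to a sink address."""
    names = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2 or fields[0] not in SINK_ADDRS:
            continue  # blank, comment, or a real mapping such as a LAN host
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            labels = name.split(".")
            if name in SKIP_NAMES or len(name) > 253 or len(labels) < 2:
                continue  # single-label names (localhost) must keep resolving
            if all(LABEL.match(label) for label in labels):
                names.add(name)
    return names

def covered(name, blocked):
    """True if name or any parent domain is in blocked (suffix match)."""
    parts = name.lower().rstrip(".").split(".")
    return any(".".join(parts[i:]) in blocked for i in range(len(parts)))

def to_dnsmasq(names, sink="0.0.0.0"):
    """Emit address=/domain/ip lines; a rule also covers subdomains, so drop those."""
    kept = set()
    for name in sorted(names, key=lambda n: n.count(".")):
        if not covered(name, kept):
            kept.add(name)
    return [f"address=/{n}/{sink}" for n in sorted(kept)]

if __name__ == "__main__":
    print("\n".join(to_dnsmasq(parse_hosts(SAMPLE_HOSTS))))
```

Clients are only filtered if DHCP hands out this resolver's address as their DNS server; a machine configured with a different DNS server bypasses the list.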


Thanks! This helped a LOT!
 
Content filtering service is what you are describing. There are many ways of achieving this.

The first option is a service run on a firewall appliance and is supported by an enterprise partner. For example, Sonicwall firewalls can add a content filtering service via an additional annual subscription through Sonicwall. This allows you to set specific websites to allow or block, or keywords, or even categorically (such as violence or pornography.) You can even set up multiple content filtering policies and apply them across your network to different groups or users, even going down to individual computers at specific times or limiting access to certain total times. For example, you could set up to allow the computer at 192.168.168.168 to have access to Facebook.com but only for 15 minutes each day. I know the Sonicwall service has worked really well for us at a couple different businesses, but most all major firewall brands offer some form of content filtering service though again they are usually an additional annual subscription fee.

The other option is to utilize a Linux-based firewall virtual appliance. You can run this as a virtual machine on an existing server or set up a separate low-powered computer to run it instead. The only thing with running it as a virtual appliance is you probably want to add more network adapters to your server, as you'll want at least one for inbound and one for outbound from your virtual appliance. We recently did some work with pfSense and were pretty impressed with what all it could do. There is also a content filtering service that can be set up with this, and I know other firewall-specific distributions of Linux also have similar features. The downside here is it leaves the setup, configuration, and maintenance of your firewall and content filtering completely up to you, but it also can save you money in the long run.

Blocking ads specifically is a little more difficult and may not be achievable directly through a server-based or firewall-based content filtering service. I'd highly recommend looking into a web browser plugin like Adblock Plus, which will operate at the client side for blocking unnecessary and sometimes even malicious pop-ups or ads. Since starting to use this on several of our customers' computers we've noticed a reduced occurrence of viruses and malware.