Debian system as an internet security gateway
I’ve got an embedded computer (Soekris Net6501) that I’d like to set up as a router / firewall system and small application server running Debian 7.
As for the router part, I’m already familiar with most services I’ll need (DHCP + DNS server and iptables routing). This should provide me with a working internet gateway capable of doing NAT and port forwarding.
The box has 4 Ethernet ports. 3 of those will be used as LAN connections, and the 4th will be the WAN connection straight to the cable modem.
However, I also intend to use this as a hardware firewall. So, it should be possible to somehow analyse web traffic such as HTTP for malicious code, such as viruses being downloaded to connected Windows machines. I know this can be done on individual files / folders using ClamAV, or even for things like mail using appropriate plugins. But is it also possible to scan web traffic in this manner? If so, what packages do I require?
Also, it would be nice to have some kind of intrusion detection in place so that I know what is going on. I’ve heard of Snort before, however I have never used it… Is this a good tool to work with or are there other (better) methods out there?
That’s it for now. I guess implementing those things for starters should provide a good basic security level for a home network! :-)
Thanks for any replies / help.
All the best,