LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Software (https://www.linuxquestions.org/questions/linux-software-2/)
-   -   Firewall to monitor visited sites by user's (https://www.linuxquestions.org/questions/linux-software-2/firewall-to-monitor-visited-sites-by-users-653688/)

PKumar 07-05-2008 01:21 AM
Firewall to monitor visited sites by user's
 
Hi,

I am working as system administrator, In office, there is workstation using Windows NT and one Linux server which connects all workstations to Internet.

ex :
Workstation W1, W2 , W3 .... Wn connected to Linux server L1 (Using LAN) which is connected to Internet. So all traffics on Linux server comes from LAN on eth1 forwarded to eth0 which is connected to internet.

Now problem, I want to monitor from which workstation accessed which website , since all traffic passes through Linux server so I think its possible to do.

I am looking for some software or others using which I can do.

Thanks

Mr. C. 07-05-2008 01:39 AM
Monitor, as in maintain logs? Or block?

Consider DansGuardian, Squid, Snort

PKumar 07-05-2008 05:59 AM
Quote:
Monitor, as in maintain logs? Or block?

Currently I am looking for monitor, but If its create log and using this I can block the sites that will very excellent.

Thanks

Mr. C. 07-05-2008 12:30 PM
This can be solved at so many levels. Many firewalls come with URL filtering/logging, or you can add/install something like snort in log-only configuration.

Or, if you control a gateway machine, you install tcpdump, and use wireshark to periodically check http traffic sites.

Lots of options...

PKumar 07-06-2008 11:46 PM
Some one suggested me smoothwall Any idea how is it?

Mr. C. 07-07-2008 12:11 AM
That might have been me. I've been using one for over 5 years.

PKumar 07-07-2008 11:58 PM
Wow! Great,
Quote:
In office, there is workstation using Windows NT and one Linux server which connects all workstations to Internet.

ex :
Workstation W1, W2 , W3 .... Wn connected to Linux server L1 (Using LAN) which is connected to Internet. So all traffics on Linux server comes from LAN on eth1 forwarded to eth0 which is connected to internet.
do you thinks its fit in my network infrastructure?

Mr. C. 07-08-2008 12:19 AM
Yes, it will work fine.

I would recommend a modification (assuming you use the Linux server for other duties).

Get another PC in which to install smoothwall 3 express. You will use *that* as your router, and leave your other Linux station to do whatever you want. Your config is straightforward. It will look like this:

Code:
                                          +--- PC1
                                          |
                    +---  LAN  --- switch +--- PC2
                    |                    |
Internet --- Smoothwall                    +--- PC3
                    |                    |
                    +---  DMZ +          +---.PCN
                              |
                              |
                              + Linux server
The smoothwall station will need 2 or 3 network cards. One for the Internet (called the Red interface), one for the LAN interface (green), and one more optional interface for a DMZ (orange). Actually, you can have yet a fourth card, for a wireless or other network (blue, for guests, etc.). Place a switch on each interface (I didn't show one on the DMZ), as many network cards don't work well card <-> card.

I placed your Linux machine as a server on the DMZ, but it can go on the LAN if you'd like.


All times are GMT -5. The time now is 11:49 PM.