I currently have Squid on Ubuntu 16.04.2 LTS. I can't figure out how to make Squid a transparent server on the network with an Asus RT-AC66U Merlin and how to make the server into a network-wide firewall to prevent viruses, malware, spyware, trojans, etc. from entering the network. Is there a way to configure this on the server itself by bridging the modem and router through Ubuntu? Is there a setting I'm missing?
Maybe if you set up Samba v4 to be an AD server, and all the users have unique logins, the username might be available. However, if you have an Android or other smartphone, it can't join the domain and the username won't be available. – cybernard, commented Jan 30, 2018 at 3:40
Oh... I see; you are just trying to reinvent the wheel, right? Price would stay at $0 yet complexity and piecing it all together.... priceless!!! – Vomit IT - Chunky Mess Style, commented Jan 30, 2018 at 5:25
If you just need to simply log websites visited by who then you really don't need an OS routing firewall/proxy to keep track of that assuming you are the web server administrator. What do you ultimately need at the zero cost price point exactly? – Vomit IT - Chunky Mess Style, commented Jan 30, 2018 at 5:30
In its original version your question got 4 close votes for being a request for a product/service. You fixed that in your edit, however now it's too broad. Please consider reading How to Ask and visit the Help center for info on writing a good question. – I say Reinstate Monica, commented Jan 30, 2018 at 22:30
1 Answer
To log HTTP traffic by URL you can go with two methods:
1) Inline: Use SQUID Proxy - You can set up a transparent inline Squid proxy to inspect and forward web traffic. This works by combining the proxy with a firewall that redirects traffic to the proxy ports. A basic version of this setup is here.
For more complicated setups, Cisco's WCCP (Web Cache Communications Protocol) protocol can forward traffic directly from a router to your proxy (via GRE tunnels), letting the router handle traffic without having to deal with iptables. This method also works for commercial systems such as BlueCoat. An example.
2) Passive: Bro IDS - If you just want to log rather than filter websites, you may want to look into BroIDS rather than a full proxy. In this case, you will set up a server on either a network tap or a span port between the router or switch. Then the IDS will see all traffic and generate logs. Sample bro logs will look like this.
To simplify setup, you can use a system such as Security Onion as a turnkey solution for setting up BroIDS, or one of the pre-configured distributions for Squid.
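As an added example (not part of the original answer): once Squid is in the traffic path, the URL logging described for the inline option comes from its access.log. This Python sketch parses Squid's native log format and tallies requested hosts per client IP; the sample log lines, addresses, and function names are constructed for illustration.

```python
from collections import Counter, defaultdict
from urllib.parse import urlsplit

# Constructed sample in Squid's native access.log format:
# time elapsed client action/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1517283600.123    145 192.168.1.20 TCP_MISS/200 5120 GET http://example.com/index.html - ORIGINAL_DST/192.0.2.34 text/html
1517283601.456     12 192.168.1.20 TCP_HIT/200 2048 GET http://example.com/logo.png - NONE/- image/png
1517283602.789    210 192.168.1.35 TCP_MISS/200 900 GET http://example.org/news - ORIGINAL_DST/203.0.113.10 text/html
1517283603.001     80 192.168.1.35 TCP_TUNNEL/200 4300 CONNECT example.net:443 - HIER_DIRECT/198.51.100.7 -
this line is truncated
"""


def parse_line(line):
    """Return a dict for one native-format line, or None if it is malformed."""
    fields = line.split()
    if len(fields) < 10:
        return None
    try:
        timestamp = float(fields[0])
        size = int(fields[4])
    except ValueError:
        return None
    action, _, status = fields[3].partition("/")
    method, url = fields[5], fields[6]
    if method == "CONNECT":
        # CONNECT entries carry host:port instead of a full URL.
        host = url.rsplit(":", 1)[0]
    else:
        host = urlsplit(url).hostname or ""
    return {"time": timestamp, "client": fields[2], "action": action,
            "status": status, "bytes": size, "method": method,
            "url": url, "host": host}


def hosts_by_client(log_text):
    """Map each client IP to a Counter of requested hosts; count bad lines."""
    result = defaultdict(Counter)
    skipped = 0
    for line in log_text.splitlines():
        record = parse_line(line)
        if record is None:
            skipped += 1
            continue
        result[record["client"]][record["host"]] += 1
    return dict(result), skipped


if __name__ == "__main__":
    per_client, bad = hosts_by_client(SAMPLE_LOG)
    for client, hosts in sorted(per_client.items()):
        print(client, dict(hosts))
    print("skipped lines:", bad)
```

On a real proxy, read the log file Squid is configured to write instead of `SAMPLE_LOG`; the field layout assumed here is the default native format, so a custom `logformat` needs a matching parser.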