I have a question on which I need some direction and guidance.
I am new to MikroTik and RouterOS.
I have an internal computer on the LAN that is abusing IM and other chat-related sites. I can see all the IPs he is connecting to by going to IP>Firewall>Connection Tab.
How can I find out where those IPs go and how long he visits each IP, and then, if I deem that a site is outside of his acceptable use policy, block that website?
How can I also block, by internal computer, a specific list of websites (blacklist…?)?
The first question is the most important one.
Thanks,
Wayne
I haven’t played with the firewall in terms of creating address lists and then using them to block individual users, but in general terms, I suspect that you really need to be looking at a content filter like DansGuardian.
You can use a rule which adds dst-address to an address list to keep a list of IPs he visits. You would have to manually execute DNS lookups or IP whois to see where those IPs go.
If you want to block certain destination IPs, that’s easy and obvious. To see how long he visits web sites, what IMs he sends and other stuff, you need a different system which tracks application-level work. As someone else suggested, DansGuardian is one such tool, but it’s not my favorite unless you have zero dollars and lots of time. You might need a commercial system like that from Cymphonix (for example).
Another possibility is to src-nat him through a separate public IP (that means you need multiple public IPs from your ISP) and force his system to use OpenDNS. Then you can create an OpenDNS account linked to that special IP and use their filtering to cut down on his access.
Finally, keep in mind these problems need to really be solved by H.R. not by I.T.; though most managers don’t understand that.
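The address-list approach described in the replies above, written out as RouterOS commands. This is an added example, not part of the original thread. The host address 192.168.88.50, the list names `visited-by-host` and `blocked-sites`, and the destination 203.0.113.10 are assumed placeholders.

```routeros
# Added example. All addresses and list names below are assumptions,
# replace them with the values from your own network.

# 1. Record every destination the monitored LAN host opens a new
#    connection to. Entries age out after one day, so the list stays
#    a rolling view of recent activity.
/ip firewall mangle
add chain=prerouting src-address=192.168.88.50 connection-state=new \
    action=add-dst-to-address-list address-list=visited-by-host \
    address-list-timeout=1d comment="log destinations of monitored host"

# 2. Review what was collected. Each entry still has to be identified
#    by hand (reverse DNS or whois), as the reply notes.
/ip firewall address-list
print where list=visited-by-host

# 3. After deciding a destination is outside the acceptable use policy,
#    add it to a static blacklist (203.0.113.10 is a documentation
#    address used here as a stand-in).
/ip firewall address-list
add list=blocked-sites address=203.0.113.10 comment="outside AUP"

# 4. Drop traffic from that one host to anything on the blacklist.
#    This rule must sit above any rule in the forward chain that would
#    accept the traffic first.
/ip firewall filter
add chain=forward src-address=192.168.88.50 \
    dst-address-list=blocked-sites action=drop \
    comment="per-host blacklist"
```

Many sites share addresses behind CDNs or shared hosting, so a drop rule keyed on one IP can block more than the site it was meant for. The lists record destinations only, not visit duration, which still needs the application-level tooling mentioned in the replies.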