Home proxy for internet usage monitoring?

Neville

Well-Known Member
Joined
Sep 13, 2006
Messages
221
Hi all

I'd like to setup something on my home network to enable usage monitoring per pc/device. I want to know who is using how much data over my DSL network. This goes for any device connected i.e. PS3, laptops, tablets, mobile phones, smart tv, desktop and home server.

I have a single port Zyxel DSL modem, connected to a TotoLink wireless router with 4 ethernet ports. Just the home server and old desktop pc are connected via ethernet and everything else via wireless. I can see connected devices on the TotoLink web admin interface and I can see current connections. It doesn't seem to do logging or show nay stats on usage over time though.

So a bit of surfing seems to suggest setting up a proxy server, maybe using something like Squid, could do this for me. with the added benefit of the web caching of course. I could do that on the Windows Home Server 2011 I have but not 100% sure how. I can do this using this article: http://blog.diladele.com/2011/09/08/installing-squid-on-windows-home-server-whs-2011/ but then have to set the proxy on each pc in my house to the Squid server. Is that possible for the mobile devices, PS3 and TV as well?

Any tips much apprecitiated.

PS - I'm a software and web developer for 20 years so can speak a bit of geek. No TCPIP guru as networking has always baffled me and I left that to the network admins. Will to do some digging and learning if need be, just need some direction :)

Cheers
Neville
 

ColinR

Expert Member
Joined
Aug 24, 2006
Messages
3,753
You will need to set your proxy as a transparent proxy, ie all traffic is directed through it.
So no need for client side setup.
 

Neville

Well-Known Member
Joined
Sep 13, 2006
Messages
221
You will need to set your proxy as a transparent proxy, ie all traffic is directed through it.
So no need for client side setup.

That would be ideal. Any tips you can share on how I would do this? Where to start? Can Squid be setup as a transparent proxy?
 

Hamish McPanji

Honorary Master
Joined
Oct 29, 2009
Messages
41,684
What does the Rasberry Pi do that my HP microserver can't? Would prefer to try and do this without spending extra dosh.
It runs Linux, squids natural territory. Are you willing change your microserver to Linux?
 

gregmcc

Honorary Master
Joined
Jun 29, 2006
Messages
23,606
The squid proxy will need to be setup inline, or you will need to have a inline device that can forward the traffic to the proxy.

The easiest would be to get a old PC with 2 network cards, one card connects to your LAN, the other card connects to the ADSL router. That way all traffic to the internet has to go through the inline device.

If its not inline then you would need to configure the browsers to point to the proxy. You would then however need a firewall inline that blocks internet traffic and only allows the proxy to connect out, otherwise merely removing the proxy settings from the browser will allow you to surf.
 
Last edited:

stricken

Expert Member
Joined
Sep 5, 2010
Messages
2,265
What does the Rasberry Pi do that my HP microserver can't? Would prefer to try and do this without spending extra dosh.

Microserver will perform better...

You just need two ethernet ports so you can basically have a DMZ (adsl model side) and internal (home network side) with all traffic going through.

Squid is powerful and can do waaay more than just clock traffic.
 

Mars

Honorary Master
Joined
Feb 4, 2006
Messages
10,777
Microserver will perform better...

You just need two ethernet ports so you can basically have a DMZ (adsl model side) and internal (home network side) with all traffic going through.

Squid is powerful and can do waaay more than just clock traffic.

How would you connect two ethernet ports onto the Pi?
 

Neville

Well-Known Member
Joined
Sep 13, 2006
Messages
221
It runs Linux, squids natural territory. Are you willing change your microserver to Linux?
Nope. Not apposed to Linux in principal, just don't have the hours in the day or night to fiddle with it. Besides, the server is all setup with RAID and does my backups etc. Don't want to undo/redo all of that.
 

jarrydred

Well-Known Member
Joined
Jun 14, 2010
Messages
138
You could also look at SOPHOS UTM (home edition is free)

You could run it as a VM, used it to ensure low latency when playing games whilst maxing out the line with NNTP and P2P. The reporting and usage monitoring is rather powerful too.

Created 2 virtual networks off the one adapter (doesn't sound like sense) but met my requirements.
 

Necropolis

Executive Member
Joined
Feb 26, 2007
Messages
8,401
You will need to set your proxy as a transparent proxy, ie all traffic is directed through it.
So no need for client side setup.

With squid's transparent proxy ignore's https requests....
 

Hamish McPanji

Honorary Master
Joined
Oct 29, 2009
Messages
41,684
Nope. Not apposed to Linux in principal, just don't have the hours in the day or night to fiddle with it. Besides, the server is all setup with RAID and does my backups etc. Don't want to undo/redo all of that.
Well, then that's what the Pi does that your microserver doesn't. Anyway, I personally wouldn't use a Pi as a caching proxy, as I think you will suffer too much of a performance hit. An old PC/laptop would work better I feel
 

Neville

Well-Known Member
Joined
Sep 13, 2006
Messages
221
The squid proxy will need to be setup inline, or you will need to have a inline device that can forward the traffic to the proxy.

The easiest would be to get a old PC with 2 network cards, one card connects to your LAN, the other card connects to the ADSL router. That way all traffic to the internet has to go through the inline device.

If its not inline then you would need to configure the browsers to point to the proxy. You would then however need a firewall inline that blocks internet traffic and only allows the proxy to connect out, otherwise merely removing the proxy settings from the browser will allow you to surf.

Yip, this sounds like what I thought would be required. I'll have to check if my HP Proliant N40L server can take another ethernet card though, not much space there. Would a 2 port NIC work if I can find one?
Otherwise, I have an old AMD XP3000+ machine doing nothing that would be easier to expand, but don't want to use it really as it is super noisy, old, and cranky :p It's also running XP for which I can not find any anti-virus software anymore so don't want expose it to the internet. I could load Linux on this old XP machine but as I said above, then it becomes just too time consuming as I'm not a Linux boff and would need to do lots of research. Something Windows based would suite me slightly better.
 

Neville

Well-Known Member
Joined
Sep 13, 2006
Messages
221
With squid's transparent proxy ignore's https requests....

What does that mean? E.g. I won't be able to access any https sites or that Squid just won't log it but I'll still be able to do my internet banking?
 

gregmcc

Honorary Master
Joined
Jun 29, 2006
Messages
23,606
A 2 port nic would do the job just fine.

With squid's transparent proxy ignore's https requests....

Only if you tell it to - squid has got no problems handing http and https requests.
 
Last edited:

Hamish McPanji

Honorary Master
Joined
Oct 29, 2009
Messages
41,684
Yip, this sounds like what I thought would be required. I'll have to check if my HP Proliant N40L server can take another ethernet card though, not much space there. Would a 2 port NIC work if I can find one?
Otherwise, I have an old AMD XP3000+ machine doing nothing that would be easier to expand, but don't want to use it really as it is super noisy, old, and cranky :p It's also running XP for which I can not find any anti-virus software anymore so don't want expose it to the internet. I could load Linux on this old XP machine but as I said above, then it becomes just too time consuming as I'm not a Linux boff and would need to do lots of research. Something Windows based would suite me slightly better.

You can load a dedicated firewall like pfsense on the old machine. Will be lighter on resources than a full Linux install.

https://www.pfsense.org/download/

Then setting up squid becomes easy. No boffinness required

https://doc.pfsense.org/index.php/Setup_Squid_as_a_Transparent_Proxy
 

Necropolis

Executive Member
Joined
Feb 26, 2007
Messages
8,401
What does that mean? E.g. I won't be able to access any https sites or that Squid just won't log it but I'll still be able to do my internet banking?

Squid won't log it - and if you use squidgaurd the sites will still work.
 

Neville

Well-Known Member
Joined
Sep 13, 2006
Messages
221
Has anyone here used ClearOs?
We use it here at the office but the guy that set it up is on leave so can't ask him. From what me and another guy checked quickly, looks like it also does logging... but it's a whole OS, right? So would need a machine reformat....maybe my old Win XP machine...? Viable option? What do you think?
 
Top