General Questions

Hi,

We are a small business using monowall as our firewall.  We have an internt policy where employees can browse internet during breaks, lunch and after hours.  Unfortunately there is one employee who seems to be misusing the policy and spending more time on the net than working on the job.  The boss asked me to log this particular employees internet browsing habits.  As much as I hate doing this, unfortunaltey I got to do what I am asked.

I was wondering if i can do this using monowall since we are already using it.  We also have DHCP enabled. 

I am not very much into networks and we do not have a sys admin so any help would be very much appreciated.

Thanks,

Pat

you might be able to setup a LAN rule to pass TCP packets to destination port 80 for the person's IP address in question and enable logging for that rule.

Roy...

Roy please explain how to do this.  For those that dont have SYS-Admins.

Action:   Pass
Interface:   LAN
Protocol:   TCP
Source:   the IP address of the user's PC in question
Source Port: any
Destination: any
Destination Port Range:   HTTP
X - Allow fragmented packets
X - Log packets that are handled by this rule

Add this rule above your default LAN to any Rule

Roy...

Add this rule above your default LAN to any Rule

...and then check Logs: Firewall to see any web traffic going to the IP address in question.

db

though logging will only tell you what IP's the person accessed, which is going to be of little use most likely (unless you don't care what sites the person was accessing). A better solution would be DNS logging, but if you're using m0n0wall as your DNS server that's not possible. Something host-based on the PC in question may be your best bet.

Or maybe use WireShark to monitor network traffic, then filter by the suspect user's IP address.