Setting a transparent proxy without changing existing IP Address values

transparent-proxy

The end goal of what I'm trying to achieve is: block access to certain websites and view bandwidth used by IP address, without changing my employees' gateway address.

Our internet connection is currently served by a Cisco router. The Cisco router also hands out the DHCP addresses. I do not have administrative rights to this Cisco router. I cannot change anything on it.

I want to install a proxy server that sits between my employees' computers and the Cisco router.

Naturally I don't want my employees to know that I'm setting up a proxy server, so preferably their IP address range will not change and neither will their gateway address.

I've been looking at Squid and its transparent proxy service, but from what I understand it will require that when the Cisco router hands out a DHCP address, it will have to change the gateway address to the IP Address of my proxy server.

The proxy server will then receive traffic from my employees' computers and forward valid requests to the Cisco router.

This is not an ideal solution for me.

Am I misunderstanding how Squid works, or is there another solution that I can implement?

Thank you

Best Answer

Use WPAD: http://en.wikipedia.org/wiki/Web_Proxy_Autodiscovery_Protocol

Most Windows systems are configured to use WPAD by default. IE, Chrome, and Firefox will respect the system proxy settings. Assuming your users are on a Windows domain with restricted administrator rights, they will be unable to change the system proxy settings or the IE proxy settings, but they would still be able to change the Chrome or Firefox proxy settings if they desired. But they'd have to know they were going through a proxy first.

The biggest problem with the proxy is if they are web developers who access http://localhost:someport to view the prototype of their application. In that case the proxy will say that said port is unreachable. Otherwise WPAD proxies are fairly transparent to naive end users.

Do note that in my experience web proxies such as Squid, while useful due to programs such as Squidguard that keep users from going to "forbidden" sites, do little to decrease web traffic due to the large amounts of HTML5 and other dynamic uncacheable content on the web today. While they are useful for tracking what IP address is connecting to what content, tying together IP address and the name of the computer that it belongs to (and thus user) will require a DHCP server that logs that information. Microsoft's DHCP server logs that information. As far as I know, Cisco's does not.
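
An added example, not part of the original answer: a PAC file of the kind WPAD serves as `wpad.dat`, written so that the localhost development case mentioned above goes direct while all other traffic goes to the proxy. The proxy name `proxy.example.internal:3128` and the list of local ranges are assumptions to replace with your own values.

```javascript
// wpad.dat (PAC file): browsers call FindProxyForURL(url, host) per request.
// Assumed values: proxy host/port and the list of local IPv4 ranges.
var PROXY = "PROXY proxy.example.internal:3128"; // hypothetical Squid listener
var DIRECT = "DIRECT";
var LOCAL_NETS = [            // [network, prefix length]
  ["127.0.0.0", 8],           // loopback
  ["10.0.0.0", 8], ["172.16.0.0", 12], ["192.168.0.0", 16], // RFC 1918
  ["169.254.0.0", 16]         // link-local
];

// Dotted-quad IPv4 literal -> unsigned integer, or null if not a valid literal.
function ipv4ToInt(host) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return null;
  var n = 0;
  for (var i = 1; i <= 4; i++) {
    var octet = parseInt(m[i], 10);
    if (octet > 255) return null;
    n = n * 256 + octet;
  }
  return n;
}

// True when ipInt falls inside network/bits (plain arithmetic, no 32-bit overflow).
function inCidr(ipInt, network, bits) {
  var size = Math.pow(2, 32 - bits);
  return Math.floor(ipInt / size) === Math.floor(ipv4ToInt(network) / size);
}

function FindProxyForURL(url, host) {
  host = host.toLowerCase().replace(/\.$/, "");   // normalise case, trailing dot
  // Developer loopback names and IPv6 loopback never leave the machine.
  if (host === "localhost" || host.slice(-10) === ".localhost" ||
      host === "::1" || host === "[::1]") return DIRECT;
  // Single-label names (e.g. "intranet") are internal hosts.
  if (host.indexOf(".") === -1 && host.indexOf(":") === -1) return DIRECT;
  // IPv4 literals in local ranges go direct; no DNS lookup is performed.
  var ip = ipv4ToInt(host);
  if (ip !== null) {
    for (var i = 0; i < LOCAL_NETS.length; i++) {
      if (inCidr(ip, LOCAL_NETS[i][0], LOCAL_NETS[i][1])) return DIRECT;
    }
  }
  // Everything else: proxy only. No "; DIRECT" fallback, so an unreachable
  // proxy fails closed instead of silently bypassing filtering and logging.
  return PROXY;
}
```

Returning only the `PROXY` entry matters for the blocking goal: a trailing `DIRECT` fallback would let clients reach the internet unfiltered whenever the proxy is down.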