Network Description

This tutorial assumes your Mikrotik-based network is up and running. The following screenshot shows a simple network diagram.

../../_images/network_diagram.png

Specifically the following settings are in effect.

Mikrotik Router

| Setting | Value |
|---|---|
| WAN interface | ether1, IP settings assigned by the ISP |
| LAN interface | ether2 |
| LAN IP Address | 10.0.0.1 |
| LAN Network Mask | 255.255.255.0 |
| DHCP Server for LAN | Active, distributes client addresses in range 10.0.0.100 to 10.0.0.200, client DNS server is pointing at 10.0.0.1 |
| DNS Server for LAN | Active, forwards DNS requests to upstream forwarders, able to resolve Internet addresses |
| NAT (Masquerade) | Active, clients are able to browse the Internet normally |

For reference, here is a screenshot of the Quick Set wizard for such a deployment. Note that the Mikrotik is deployed within VMware Workstation, so the WAN is actually our internal corporate LAN. That should not matter much, though.

../../_images/quick_set.png

Client Workstation in the LAN

Any client workstation in the LAN is configured by the DHCP server running on the Mikrotik router. Typical settings look like the following.

| Setting | Value |
|---|---|
| IP Address | 10.0.0.100 (or any other in DHCP range) |
| Default Gateway | 10.0.0.1 |
| Network Mask | 255.255.255.0 |
| DNS Server | Set by the DHCP server of Mikrotik |

From now on we will assume the client workstations are able to browse the Internet normally without any errors. We will now proceed to setting up HTTP and HTTPS protocol filtering for all workstations in the network. This will be done transparently, i.e. no manual configuration of browsers will be required.

In order to achieve these goals we will do the following.

  1. Deploy a separate proxy server in the network, running Squid for transparent interception and Web Safety for web filtering of HTTP and HTTPS traffic.

  2. Redirect HTTP and HTTPS traffic from the Mikrotik router to the proxy box using Policy Based Routing.