Network Description

This tutorial assumes your Mikrotik-based network is up and running. The following screenshot shows a simple network diagram.

[Image: network diagram]

Specifically, the following settings are in effect.

Mikrotik Router

| Setting | Value |
|---|---|
| WAN interface | either1, IP settings assigned by ISP provider |
| LAN interface | either2 |
| LAN IP Address | 10.0.0.1 |
| LAN Network Mask | 255.0.0.0 |
| DHCP Server for LAN | Active, distributes client addresses in range 10.0.0.100 to 10.0.0.200, client DNS server is pointing at 10.0.0.1 |
| DNS Server for LAN | Active, forwards DNS requests to upstream forwarders, able to resolve Internet addresses |
| NAT (Masquerade) | Active, clients are able to normally browse the Internet |

For your reference, here are screenshots of the interface list and the DHCP and DNS server settings on the Mikrotik router.

[Images: interface list, DHCP server settings, DNS server settings]

Client Workstation in the LAN

Any client workstation in the LAN is configured by the DHCP server running on the Mikrotik router; typical settings look like the following.

| Setting | Value |
|---|---|
| IP Address | 10.0.0.100 (or any other in DHCP range) |
| Default Gateway | 10.0.0.1 |
| Network Mask | 255.0.0.0 |
| DNS Server | 10.0.0.1 |

You would like to filter and block HTTP and HTTPS traffic for all client computers in the network. This needs to be done transparently, i.e. without any manual configuration of client computers. To achieve these goals we will do the following.

  1. Deploy a separate proxy server in the network, running Squid for transparent interception and Web Safety for web filtering of HTTP and HTTPS traffic.
  2. Redirect HTTP and HTTPS traffic from the Mikrotik router to the proxy box using Policy Based Routing.