Linux Proxy Server Advice

I'm looking for a Internet Proxy solution to monitor the usage of bandwidth in our company.
We have 40 staff overloading our connection at some times of the day.
I want to police our internet connection and find out if someone is using illegal downloading software.( Torrents etc )   At the very least identify the highest user of internet bandwidth.

The ideal solution I'm looking for will do the following:

1) Display current connections (LAN IP Address and Destination)
2) Log usage
3) Show Torrent usage
4) Display usage in a chart -  or at least export data so I can use reporting tools
5) Show a top 10 Users and top 10 Sites by Hit Count or Megabyte

We also have 3 internet connections, so it would be great if this proxy was able to load balance.

Who is Participating?
I don't have a smoothwall set up here at the minute so I cant describe where it is, but Smoothwall Express 3 has some really nice real time traffic graphs that can show you at any time how much bandwidth any device is using. It may give you that information by IP, but you can work out which machine/user it is from that.
It is designed to be quick to setup and easy to use so you should find your way around pretty quickly.

I'm not sure what the best way of setting smoothwall up will be for you, when I used smoothwall I let it act as the DHCP server for the network. In your case you may well have something else in place doing that. If its your existing firewall appliance then no problem, disable that and let smoothwall take over and there should be no other config on the client side - they will just use the smoothwall as the gateway (the green interface in smoothwall terms).
If you have another machine already doing dhcp inside your network then you may have to configure the clients to use the smoothwall as the gateway - it just depends what your setup is.

From what you've said so far I'm guessing you'd just need 2 network cards in a computer - these will be a red interface (for the external connection - in your case the existing firewall will connect to this) and a green interface (for all your clients in your secure network).

If you have a need for it you can also use a third network card for a DMZ (orange interface). It can even do a fourth interface if you need it (Blue - for a wireless network kept seperate from your wired network for example - but this isn't necessary and it sounds like you won't need it).

Basically you just need to remember that smoothwall is more than just a proxy, it is also a firewall - its designed to be a single system to do proxy, QoS, firewall etc so be aware of this when setting it up.

You will need hardware to run it on with a minimum of 2 network cards (you shouldn't need that much performance in that hardware for the setup you describe) and you should be able to configure it to do as much or as little as you need, however even if you find it wont work for you, you can always wipe the machine and fall back to using sqiud on the same hardware.

Good luck with it =)
As far as I know you should be able to achieve all of that using the free version of smoothwall. There are lots of great mods around to extend functionality.

Smoothwall express 3 is really good and its free to use:

They also have a commercial version if you require additional features and professional support, have a look at
You have SQUID that would do it or most of it but you will have to configure rules into it.  You can sure dump the rejected connections into logs and then read that from web browser but you have to be Linux savvy.
Protect Your Employees from Wi-Fi Threats

As Wi-Fi growth and popularity continues to climb, not everyone understands the risks that come with connecting to public Wi-Fi or even offering Wi-Fi to employees, visitors and guests. Download the resource kit to make sure your safe wherever business takes you!

The good thing is that Squid is open source and free to use.
Squid is built into Smoothwall express.

The bonus with smoothwall is that its very quick and easy to install with minimal linux knowledge, if you are more comfortable with linux you can also ssh into smoothwall to do more.

Nothing wrong with squid at all, but smoothwall adds more features - particularly QoS that can be particularly useful for a shared connection.
Oh and Smoothwall express is Open Source and covered under the GPL - see the section "GPL and Open Source Software" at the following location:

Note that link is one mirror from sourceforge, you can select the download direct from sourceforge at

There are also mods available as a seperate sourceforge project at
MchallinorAuthor Commented:

I've heard a lot about Squid.  Interesting that Smoothwall makes the deployment easier for me.

From the screen shots its looks very much like the kind of UI you get with any appliance firewall.

We have a firewall already in place and ideally I just want this to sit on the LAN side of the network (behind the existing firewall)  - configured like a proxy server so all internet traffic from our staff is going through this (Linux) web proxy.

The key objective is to identify the heaviest Internet user and discover what websites they are viewing.  At this stage we are not interested in blocking anything, just monitoring usage.

As you can imagine, if the company internet is getting throttled by people using Itunes, Limewire, BitTorrent etc, I want to know who is the culprit.

Thanks,  I will keep looking at Smoothwall and the mods you have discussed.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.