johnfaig
asked on
Proxy Server hardware
I would like to install a Linux proxy server. I have a little experience with Fedora and hope that it has a proxy server bundled. I will also likely use Packetizer or Ethereal to analyse the network traffic.
My feeling is that it can be a low-end PC. Does anyone have experience with HOW low-end I can go and still not kill the throuhput of 5 PCs?
Thanks
JDF
My feeling is that it can be a low-end PC. Does anyone have experience with HOW low-end I can go and still not kill the throuhput of 5 PCs?
Thanks
JDF
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Hi,
In fact Packetizer and Ethereal are low level tools they will give you what packets went through n certain interface. So all you will have in the end is loads of data which went through your network. This will include lots of DNS traffic, Network broadcasts and lots of automatic updates emanating from clients set-up in your computers, your desktop OS computers, your Java, ICMP packets, packets packets. You need to havesome filters and additional programs to put all the traffic to a web session in one consecutive file then interpret the content (display HTML, Graphic files etc). Apart from that to understand what kind of a site these packets are originating you need to visit all the pages and try to understand the categories of the web pages etc. It is a job in itself. It will take you to assembly the packets sort them according to the sessions try to pick something that is meaningful to you is impossible without you to dedicate most of your day to this. Don't forget that what packet sniffers log is the traffic goes through the network in all traffic scrambled and it is your duty to analyze and filter the non necessary parts and convert therest to a meaningful session is your duty using the software.
Furthermore what kids will be doing will most likelt be doing do chat, visit webpages etc. So the best way to monitor the traffic is to use some kind of proxy so that this proxy will analyze sessions for you and create meaningful reports which client from your home network visited which web site. Well this seems to me that that is a more likely scenario in your case.
So I will suggest you to setup a transparent proxy, that will route all your webtraffic to this system and watch the logs. If what I tell you does not mean much to you then you'd better go with an already packed solution like IPCop. Moreover let me tell you that there's more to IpCOP than meets the eye at first. There are add-ons like URLFilter. This program can categorize webpages and disable some of them according to the content(Indecent content, porn, chat etc.)
It is sure that DansGuardian can do that too but in this case you will need to gather some Iptables rules that you will redirect web requests to the DansGuardian. (If this does not mean much to you you can consider IpCOP since it has all these packed together)
With the minimum configuration In fact the system does not have to be a decent system. In fact for a hint Cisco's Enterprise firewall which cisco says would supports 1000's of connections at any given instant is having only a Pentium II 450 in the inside.
For a moderate traffic witha 1 or 4 Mbps of traffic and 3-5 users a PC having a Celeron 2 GHz with 256 MB ram and 20 GB of IDE Dsik will be more than enough. In fact the memory should be at least 256 MB or so since your WebProxy will need most of this memory to keep some cache at memory for fast operation.
In fact as any job involving human beings it is better for you have discussion with your kids beforehead. Warn him about the dangers of Internet and responsibility of its use and notifying them about the new proxy monitoring their activities will help much too.
Cheers,
K
In fact Packetizer and Ethereal are low level tools they will give you what packets went through n certain interface. So all you will have in the end is loads of data which went through your network. This will include lots of DNS traffic, Network broadcasts and lots of automatic updates emanating from clients set-up in your computers, your desktop OS computers, your Java, ICMP packets, packets packets. You need to havesome filters and additional programs to put all the traffic to a web session in one consecutive file then interpret the content (display HTML, Graphic files etc). Apart from that to understand what kind of a site these packets are originating you need to visit all the pages and try to understand the categories of the web pages etc. It is a job in itself. It will take you to assembly the packets sort them according to the sessions try to pick something that is meaningful to you is impossible without you to dedicate most of your day to this. Don't forget that what packet sniffers log is the traffic goes through the network in all traffic scrambled and it is your duty to analyze and filter the non necessary parts and convert therest to a meaningful session is your duty using the software.
Furthermore what kids will be doing will most likelt be doing do chat, visit webpages etc. So the best way to monitor the traffic is to use some kind of proxy so that this proxy will analyze sessions for you and create meaningful reports which client from your home network visited which web site. Well this seems to me that that is a more likely scenario in your case.
So I will suggest you to setup a transparent proxy, that will route all your webtraffic to this system and watch the logs. If what I tell you does not mean much to you then you'd better go with an already packed solution like IPCop. Moreover let me tell you that there's more to IpCOP than meets the eye at first. There are add-ons like URLFilter. This program can categorize webpages and disable some of them according to the content(Indecent content, porn, chat etc.)
It is sure that DansGuardian can do that too but in this case you will need to gather some Iptables rules that you will redirect web requests to the DansGuardian. (If this does not mean much to you you can consider IpCOP since it has all these packed together)
With the minimum configuration In fact the system does not have to be a decent system. In fact for a hint Cisco's Enterprise firewall which cisco says would supports 1000's of connections at any given instant is having only a Pentium II 450 in the inside.
For a moderate traffic witha 1 or 4 Mbps of traffic and 3-5 users a PC having a Celeron 2 GHz with 256 MB ram and 20 GB of IDE Dsik will be more than enough. In fact the memory should be at least 256 MB or so since your WebProxy will need most of this memory to keep some cache at memory for fast operation.
In fact as any job involving human beings it is better for you have discussion with your kids beforehead. Warn him about the dangers of Internet and responsibility of its use and notifying them about the new proxy monitoring their activities will help much too.
Cheers,
K
ASKER
KeremE,
A quick review has me leaning towards DansGuardian with it's companion product (IMSpector). It looks like I can capture webpages and IM traffic. In addition, DansGuardian has lots of addins to make reporting easier. One remaining question. Since they are proxy servers, I hope that I can turn caching off.
Thanks
JDF
A quick review has me leaning towards DansGuardian with it's companion product (IMSpector). It looks like I can capture webpages and IM traffic. In addition, DansGuardian has lots of addins to make reporting easier. One remaining question. Since they are proxy servers, I hope that I can turn caching off.
Thanks
JDF
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Ultimately, I want to review the network traffic for parental control reasons. Does ipcop make it easy or am I still going to use Packetizer/Ethereal to review traffic?
Thanks
JDF
p.s. points boosted