[Webinar] Streamline your web hosting managementRegister Today


Proxy Server hardware

Posted on 2006-10-28
Medium Priority
Last Modified: 2010-03-17
I would like to install a Linux proxy server.  I have a little experience with Fedora and hope that it has a proxy server bundled.  I will also likely use Packetizer or Ethereal to analyse the network traffic.

My feeling is that it can be a low-end PC.  Does anyone have experience with HOW low-end I can go and still not kill the throuhput of 5 PCs?  

Question by:johnfaig
LVL 19

Assisted Solution

alextoft earned 300 total points
ID: 17828117
Fedora is nice, and you can yum install squid. However, why not look at something like IPcop? http://www.ipcop.org - I's a stripped down, lightweight, linux proxy/firewall which you can administer via a web browser. Makes everything so much easier if all you want to do is proxy.

As for hardware spec? Any linux distro installed with the bare basics (ie, NO gui), with 2 network cards, should run quite happily on something as slow as a Pentium 1. Remember, it's very little to do with CPU power, it's all I/O.

Author Comment

ID: 17828883

Ultimately, I want to review the network traffic for parental control reasons.  Does ipcop make it easy or am I still going to use Packetizer/Ethereal to review traffic?  


p.s. points boosted
LVL 41

Assisted Solution

noci earned 300 total points
ID: 17829606
You might want to look into dansguardian as your proxy.
I think it is closest to what you want for control on proxying.

The pro of dedicated firewall (like IPCop) is that there probablye all the
tools you need are available. The con' might be that is is more difficult to add something
that is not there yet while you need it.
[Webinar] Kill tickets & tabs using PowerShell

Are you tired of cycling through the same browser tabs everyday to close the same repetitive tickets? In this webinar JumpCloud will show how you can leverage RESTful APIs to build your own PowerShell modules to kill tickets & tabs using the PowerShell command Invoke-RestMethod.

LVL 30

Expert Comment

by:Kerem ERSOY
ID: 17830413

In fact Packetizer and Ethereal are low level tools they will give you what packets went through n certain interface. So all you will have in the end is loads of data which went through your network. This will include lots of DNS traffic, Network broadcasts and lots of automatic updates emanating from clients set-up in your computers, your desktop OS computers, your Java, ICMP packets, packets packets. You  need to havesome filters and additional programs to put all the traffic to a web session in one consecutive file then interpret the content (display HTML, Graphic files etc). Apart from that to understand what kind of a site these packets are originating you need to visit all the pages and try to understand the categories of the web pages etc. It is a job in itself. It will take you to assembly the packets sort them according to the sessions try to pick something that is meaningful to you is impossible without you to dedicate most of your day to this. Don't forget that what packet sniffers log is the traffic goes through the network in all traffic scrambled and it is your duty to analyze and filter the non necessary parts and convert therest to a meaningful session is your duty using the software.

Furthermore what kids will be doing will most likelt be doing do chat, visit webpages etc. So the best way to monitor the traffic is to use some kind of proxy so that this proxy will analyze sessions for you and create meaningful reports which client from your home network visited which web site. Well this seems to me that that is a more likely scenario in your case.

So I will suggest you to setup a transparent proxy, that will route all your webtraffic to this system and watch the logs. If what I tell you does not mean much to you then you'd better go with an already packed solution like IPCop. Moreover let me tell you that there's more to IpCOP than meets the eye at first. There are add-ons like URLFilter. This program can categorize webpages and disable some of them according to the content(Indecent content, porn, chat etc.)

It is sure that DansGuardian can do that too but in this case you will need to gather some Iptables rules that you will redirect web requests to the DansGuardian. (If this does not mean much to you you can consider IpCOP since it has all these packed together)

With the minimum configuration In fact the system does not have to be a decent system. In fact for a hint Cisco's Enterprise firewall which cisco says would supports 1000's of connections at any given instant is having only a Pentium II 450 in the inside.

For a moderate traffic witha 1 or 4 Mbps of traffic and 3-5 users a PC having a Celeron 2 GHz with 256 MB ram and 20 GB of IDE Dsik will be more than enough. In fact the memory should be at least 256 MB or so since your WebProxy will need most of this memory to keep some cache at memory for fast operation.

In fact as any job involving human beings it is better for you have discussion with your kids beforehead. Warn him about the dangers of Internet and responsibility of its use and notifying them about the new proxy monitoring their activities will help much too.


Author Comment

ID: 17831319

A quick review has me leaning towards DansGuardian with it's companion product (IMSpector).  It looks like I can capture webpages and IM traffic.  In addition, DansGuardian has lots of addins to make reporting easier.  One remaining question.  Since they are proxy servers, I hope that I can turn caching off.


LVL 30

Accepted Solution

Kerem ERSOY earned 600 total points
ID: 17832129

In fact both dansguardian and IpCOP does web content filtering sitting over Squid proxy. The thing I did not know was your level of competency in Linux. So that I've organized my response over the level of difficulty oon installing.

Both products filter URL and IM traffic with add-ons.

So since they are both Squid Proxies you have to go into Proxy settings and set the web cahce off. For DansGuardin you should do it with Squid Settings for IpCOP over the dedicated configuration page.

But why would you want to turn off caching? It works smoothly and does not cause trouble and it might speed you up up to  10% to 30% percent depending on use.



Featured Post

Receive 1:1 tech help

Solve your biggest tech problems alongside global tech experts with 1:1 help.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Kernel Data Recovery is a renowned Data Recovery solution provider which offers wide range of softwares for both enterprise and home users with its cost-effective solutions. Let's have a quick overview of the journey and data recovery tools range he…
Suggested Courses

591 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question