Solved

Proxy Server hardware

Posted on 2006-10-28
6
305 Views
Last Modified: 2010-03-17
I would like to install a Linux proxy server.  I have a little experience with Fedora and hope that it has a proxy server bundled.  I will also likely use Packetizer or Ethereal to analyse the network traffic.

My feeling is that it can be a low-end PC.  Does anyone have experience with HOW low-end I can go and still not kill the throuhput of 5 PCs?  

Thanks
JDF
0
Comment
Question by:johnfaig
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 19

Assisted Solution

by:alextoft
alextoft earned 75 total points
ID: 17828117
Fedora is nice, and you can yum install squid. However, why not look at something like IPcop? http://www.ipcop.org - I's a stripped down, lightweight, linux proxy/firewall which you can administer via a web browser. Makes everything so much easier if all you want to do is proxy.

As for hardware spec? Any linux distro installed with the bare basics (ie, NO gui), with 2 network cards, should run quite happily on something as slow as a Pentium 1. Remember, it's very little to do with CPU power, it's all I/O.
0
 

Author Comment

by:johnfaig
ID: 17828883
alextoft,

Ultimately, I want to review the network traffic for parental control reasons.  Does ipcop make it easy or am I still going to use Packetizer/Ethereal to review traffic?  

Thanks
JDF

p.s. points boosted
0
 
LVL 40

Assisted Solution

by:noci
noci earned 75 total points
ID: 17829606
You might want to look into dansguardian as your proxy.
I think it is closest to what you want for control on proxying.

The pro of dedicated firewall (like IPCop) is that there probablye all the
tools you need are available. The con' might be that is is more difficult to add something
that is not there yet while you need it.
0
Manage your data center from practically anywhere

The KN8164V features HD resolution of 1920 x 1200, FIPS 140-2 with level 1 security standards and virtual media transmissions at twice the speed. Built for reliability, the KN series provides local console and remote over IP access, ensuring 24/7 availability to all servers.

 
LVL 30

Expert Comment

by:Kerem ERSOY
ID: 17830413
Hi,

In fact Packetizer and Ethereal are low level tools they will give you what packets went through n certain interface. So all you will have in the end is loads of data which went through your network. This will include lots of DNS traffic, Network broadcasts and lots of automatic updates emanating from clients set-up in your computers, your desktop OS computers, your Java, ICMP packets, packets packets. You  need to havesome filters and additional programs to put all the traffic to a web session in one consecutive file then interpret the content (display HTML, Graphic files etc). Apart from that to understand what kind of a site these packets are originating you need to visit all the pages and try to understand the categories of the web pages etc. It is a job in itself. It will take you to assembly the packets sort them according to the sessions try to pick something that is meaningful to you is impossible without you to dedicate most of your day to this. Don't forget that what packet sniffers log is the traffic goes through the network in all traffic scrambled and it is your duty to analyze and filter the non necessary parts and convert therest to a meaningful session is your duty using the software.

Furthermore what kids will be doing will most likelt be doing do chat, visit webpages etc. So the best way to monitor the traffic is to use some kind of proxy so that this proxy will analyze sessions for you and create meaningful reports which client from your home network visited which web site. Well this seems to me that that is a more likely scenario in your case.

So I will suggest you to setup a transparent proxy, that will route all your webtraffic to this system and watch the logs. If what I tell you does not mean much to you then you'd better go with an already packed solution like IPCop. Moreover let me tell you that there's more to IpCOP than meets the eye at first. There are add-ons like URLFilter. This program can categorize webpages and disable some of them according to the content(Indecent content, porn, chat etc.)

It is sure that DansGuardian can do that too but in this case you will need to gather some Iptables rules that you will redirect web requests to the DansGuardian. (If this does not mean much to you you can consider IpCOP since it has all these packed together)

With the minimum configuration In fact the system does not have to be a decent system. In fact for a hint Cisco's Enterprise firewall which cisco says would supports 1000's of connections at any given instant is having only a Pentium II 450 in the inside.

For a moderate traffic witha 1 or 4 Mbps of traffic and 3-5 users a PC having a Celeron 2 GHz with 256 MB ram and 20 GB of IDE Dsik will be more than enough. In fact the memory should be at least 256 MB or so since your WebProxy will need most of this memory to keep some cache at memory for fast operation.

In fact as any job involving human beings it is better for you have discussion with your kids beforehead. Warn him about the dangers of Internet and responsibility of its use and notifying them about the new proxy monitoring their activities will help much too.

Cheers,
K
0
 

Author Comment

by:johnfaig
ID: 17831319
KeremE,

A quick review has me leaning towards DansGuardian with it's companion product (IMSpector).  It looks like I can capture webpages and IM traffic.  In addition, DansGuardian has lots of addins to make reporting easier.  One remaining question.  Since they are proxy servers, I hope that I can turn caching off.

Thanks
JDF

0
 
LVL 30

Accepted Solution

by:
Kerem ERSOY earned 150 total points
ID: 17832129
Johnfaig,

In fact both dansguardian and IpCOP does web content filtering sitting over Squid proxy. The thing I did not know was your level of competency in Linux. So that I've organized my response over the level of difficulty oon installing.

Both products filter URL and IM traffic with add-ons.

So since they are both Squid Proxies you have to go into Proxy settings and set the web cahce off. For DansGuardin you should do it with Squid Settings for IpCOP over the dedicated configuration page.

But why would you want to turn off caching? It works smoothly and does not cause trouble and it might speed you up up to  10% to 30% percent depending on use.

Cheers,
K.

0

Featured Post

Enroll in May's Course of the Month

May’s Course of the Month is now available! Experts Exchange’s Premium Members and Team Accounts have access to a complimentary course each month as part of their membership—an extra way to increase training and boost professional development.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Linux CentOs 6.7 : i can't start service 8 103
FTP: Servname not supported for ai_socktype 7 1,167
Squid Connection Pools 3 107
linux  centos   virtualization network quetion 6 91
I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

710 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question