Transparent Proxy/Router Solution

Posted on 2009-04-22
Last Modified: 2012-05-06
1. We currently have an old server lying around not doing a whole lot.

2. My experience is based in server-based networking and Microsoft operating systems. I don't have a lot of exposure to Linux besides a play installation of FreeBSD many years ago as well as a couple of plays with Ubuntu releases as they continue to update. Other Linux environments include Juniper ScreenOS on the SSG family of routers.

3. Every time we need to run Windows Update on a workstation, it downloads approximately 1 GB of security updates for Windows and Office. This bench runs on a VLAN and is not connected to our primary network to prevent network infections from client servers/workstations.

I want to create a router that will allow me to redirect outbound port 80 to a proxy server running on the same PC that will allow us to have cached all the Windows updates. Preferably I would like as little playing around in the CMD line as possible, a nice Web GUI to configure the router and proxy server. Something similar to Juniper's Screen OS WebUI would be perfect.

Can anyone advise on a Linux build that is streamlined for routing purposes, has a powerful and intuitive Web UI, and allows me to redirect port 80 requests, and on which applications (like Squid) will run as a proxy?
Question by:Accdat
    LVL 13

    Expert Comment

    As none of the out of the box solutions provide this as far as I know check out :  Unfortunately this suggestion would require you to set up a fair bit from the console.

    Why not just set up a domain controller that has WSUS installed and configured?  You can have a trunk that carries a separate VLAN through to the DC and then firewall it off from there to only work with domain auth and WSUS?

    Author Comment

    If I have to work from the console, I'm happy to work from the console, I am just more proficient with GUI.

    As this server is just an old clunker, and the PCs we are updating are client workstations (we are a consultancy firm, if a client's PC comes in to our office, we update it to the latest level of protection) and as such are not domain connected machines preventing use of Group Policy to enforce a proxy. As this is purely a bench network, I want a solution that will require no change in configuration of the client PC to utilise the proxy assuming they are running with a DHCP configuration.

    As it is currently a VLAN, I really don't want the workstations to be able to access our network. I just thought that it would be a cool project to learn some Linux, make use of some old hardware and save some of our download capacity for something more worthwhile than Microsoft updates.

    Any recommendations? What would you do?
    LVL 13

    Accepted Solution

    In that case given the strict requirements you can install any version of Linux you wish, if you are familiar with Ubuntu you might as well start there.

    Once it is installed you need to configure squid, dhcp & webmin.

    Squid : Provides the ability to proxy the updates
    DHCP : Allow client machines to grab an IP and point at the squid box for updates
    Webmin : Web based management for the server (remotely, but not every possibility).

    Using the link I provided above for the squid assistance this is likely to be the best way to do it, the instructions appear to provide guidance from a vanilla install of squid.

    Author Comment

    Comments just seemed a little old - comments were from 2004. The version of Windows Update has changed since this time, is this still relevant?

    Also - I would like to open access to the Internet via this server (use as a router) for other services (non 80/443) ports. Sometimes I need to connect a reloaded workstation back on to a domain via VPN, as an example. I assume Ubuntu server would have some type of routing and remote access equivalent?
    LVL 13

    Expert Comment

    It will simply NAT the traffic using iptables. - more up to date.
    LVL 19

    Assisted Solution

    You're making this too difficult.

    IPcop is made for just this purpose. It's a fantastic piece of kit.

    Author Comment

    Thanks for all your comments.

    I ended up using pfsense to do both the routing and transparent proxy. I had to modify the squid.conf file in order to allow the Windows updates to be cached correctly, but on the whole it was a pretty smooth package to install and configure.

    Author Comment

    Note - pfsense has the ability to install and auto-configure Squid 2.6 for you. It also adds control for the squid proxy to the Web GUI which configures most of the squid.conf as well as the required NAT rules to forward the outgoing requests.
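Added example, not part of any post in this thread: a sketch of the iptables rules that the Linux route discussed above would need, covering the port 80 redirect to a local Squid, NAT for all other traffic, and the requirement that bench machines cannot reach the office network. The function name, interface names, office CIDR and Squid port are assumptions, and it assumes the office LAN sits on the WAN side of this router and that bench clients use a DNS resolver outside the office range.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset for the bench router.
# Interface names, the office CIDR and the port are constructed sample values.

# emit_bench_rules BENCH_IF WAN_IF OFFICE_NET SQUID_PORT
emit_bench_rules() {
    # Refuse to emit a partial ruleset if any argument is missing.
    [ $# -eq 4 ] || { echo "usage: emit_bench_rules BENCH_IF WAN_IF OFFICE_NET SQUID_PORT" >&2; return 2; }
    bench_if=$1 wan_if=$2 office_net=$3 squid_port=$4
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Outbound HTTP from the bench is handed to the local Squid; no client change needed.
-A PREROUTING -i $bench_if -p tcp --dport 80 -j REDIRECT --to-ports $squid_port
# Everything else that is forwarded leaves via the WAN interface behind NAT.
-A POSTROUTING -o $wan_if -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Bench clients may reach only DHCP and the redirected proxy port on the router.
-A INPUT -i $bench_if -p udp --dport 67 -j ACCEPT
-A INPUT -i $bench_if -p tcp --dport $squid_port -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# Must come before the general allow: bench machines never reach the office LAN.
-A FORWARD -i $bench_if -d $office_net -j REJECT
-A FORWARD -i $bench_if -o $wan_if -j ACCEPT
COMMIT
EOF
}

# Apply as root on the router, for example:
#   emit_bench_rules eth1 eth0 192.168.0.0/24 3128 | iptables-restore
```

Requests fetched by Squid originate from the router itself and never traverse the FORWARD chain, so the office range also needs to be denied in Squid (an `acl ... dst` entry with `http_access deny`); otherwise a bench machine could reach office web servers through the proxy. Only port 80 is intercepted here; HTTPS is forwarded untouched and is not cached.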
