Transparent Proxy/Router Solution

1. We currently have an old server lying around not doing a whole lot.

2. My experience is based in server-based networking and Microsoft operating systems. I don't have a lot of exposure to Linux besides a play installation of FreeBSD many years ago as well as a couple of plays with Ubuntu releases as they continue to update. Other Linux environments include Juniper ScreenOS on SSG family of routers.

3. Every time we need to run Windows Update on a workstation, it downloads approximately 1 GB of security updates for Windows and Office. This bench runs on a VLAN and is not connected to our primary network to prevent network infections from client servers/workstations.

I want to create a router that will allow me to redirect outbound port 80 to a proxy server running on the same PC that will allow us to have cached all the Windows updates. Preferably I would like as little playing around in the CMD line as possible, a nice Web GUI to configure the router and proxy server. Something similar to Juniper's ScreenOS WebUI would be perfect.

Can anyone advise on a Linux build that is streamlined for routing purposes, has a powerful and intuitive Web UI, allows me to redirect port 80 requests, and what applications (like Squid) will run as a proxy?
Asked by: Accdat

WizRd-Linux Commented:
As none of the out-of-the-box solutions provide this as far as I know, check out: http://techrepublic.com.com/5208-11186-0.html?forumID=36&threadID=149640&messageID=1591801  Unfortunately this suggestion would require you to set up a fair bit from the console.

Why not just set up a domain controller that has WSUS installed and configured?  You can have a trunk that carries a separate VLAN through to the DC and then firewall it off from there to only work with domain auth and WSUS?
 
Accdat (Author) Commented:
If I have to work from the console, I'm happy to work from the console, I am just more proficient with GUI.

As this server is just an old clunker, and the PCs we are updating are client workstations (we are a consultancy firm, if a client's PC comes in to our office, we update it to the latest level of protection) and as such are not domain connected machines preventing use of Group Policy to enforce a proxy. As this is purely a bench network, I want a solution that will require no change in configuration of the client PC to utilise the proxy assuming they are running with a DHCP configuration.

As it is currently a VLAN, I really don't want the workstations to be able to access our network. I just thought that it would be a cool project to learn some Linux, make use of some old hardware and save some of our download capacity for something more worthwhile than Microsoft updates.

Any recommendations? What would you do?
 
WizRd-Linux Commented:
In that case given the strict requirements you can install any version of Linux you wish, if you are familiar with Ubuntu you might as well start there.

Once it is installed you need to configure squid, dhcp & webmin.

Squid : Provides the ability to proxy the updates
DHCP : Allow client machines to grab an IP and point at the squid box for updates
Webmin : Web based management for the server (remotely, but not every possibility).

Using the link I provided above for the squid assistance, this is likely to be the best way to do it; the instructions appear to provide guidance from a vanilla install of squid.
 
Accdat (Author) Commented:
Comments just seemed a little old - comments were from 2004. The version of Windows Update has changed since this time, is this still relevant?

Also - I would like to open access to the Internet via this server (use as a router) for other services (non 80/443) ports. Sometimes I need to connect a reloaded workstation back on to a domain via VPN, as an example. I assume Ubuntu server would have some type of routing and remote access equivalent?
 
WizRd-Linux Commented:
It will simply NAT the traffic using iptables.

http://wiki.squid-cache.org/SquidFaq/WindowsUpdate - more up to date.
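
The redirect-plus-NAT arrangement discussed in this thread, written out as an added example (not part of the original posts): a small generator for an `iptables-restore` ruleset that sends bench-VLAN port-80 traffic to a local Squid, NATs everything else, and keeps the bench off the office network. The interface names, Squid port 3128 (assumed to be listening in transparent mode) and the 192.168.1.0/24 office subnet are assumptions.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for a bench-VLAN router
# that transparently redirects HTTP to a local Squid and NATs everything else.
# Interface names, port and subnet are assumptions, not taken from the thread.

gen_bench_rules() {
    lan_if=$1; wan_if=$2; proxy_port=$3; office_net=$4

    # Refuse obviously wrong input instead of emitting a broken ruleset.
    case $proxy_port in
        ''|*[!0-9]*) echo "proxy port must be numeric" >&2; return 1 ;;
    esac
    if [ "$proxy_port" -lt 1 ] || [ "$proxy_port" -gt 65535 ]; then
        echo "proxy port out of range" >&2; return 1
    fi
    if [ -z "$lan_if" ] || [ -z "$wan_if" ] || [ -z "$office_net" ]; then
        echo "usage: gen_bench_rules LAN_IF WAN_IF PORT OFFICE_NET" >&2; return 1
    fi
    if [ "$lan_if" = "$wan_if" ]; then
        echo "LAN and WAN interfaces must differ" >&2; return 1
    fi

    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Bench clients' port-80 requests are handed to Squid on this box.
-A PREROUTING -i $lan_if -p tcp --dport 80 -j REDIRECT --to-ports $proxy_port
# Everything that leaves via the WAN side is source-NATed.
-A POSTROUTING -o $wan_if -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
# Bench machines must never reach the office network.
-A FORWARD -i $lan_if -d $office_net -j DROP
# Other outbound traffic (443, VPN, ...) is routed; replies are let back in.
-A FORWARD -i $lan_if -o $wan_if -j ACCEPT
-A FORWARD -i $wan_if -o $lan_if -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Constructed sample values: eth1 = bench VLAN, eth0 = uplink.
gen_bench_rules eth1 eth0 3128 192.168.1.0/24
```

Check the output with `iptables-restore --test` before loading it. Redirected port-80 requests are fetched by Squid itself and never cross the FORWARD chain, so the office subnet also needs a deny ACL in squid.conf.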
 
alextoft Commented:
You're making this too difficult.

IPcop is made for just this purpose. It's a fantastic piece of kit.

http://www.ipcop.org
 
Accdat (Author) Commented:
Thanks for all your comments.

I ended up using pfsense to do both the routing and transparent proxy. I had to modify the squid.conf file in order to allow the Windows updates to be cached correctly, but on the whole it was a pretty smooth package to install and configure.
 
Accdat (Author) Commented:
Note - pfsense has the ability to install and auto-configure Squid 2.6 for you. It also adds control for the squid proxy to the Web GUI, which configures most of the squid.conf as well as the required NAT rules to forward the outgoing requests.