Proxy Servers Setup

I haven't got to do this yet, but I've a feeling it might be on the cards in the future so I thought I'd ask in advance :)

If I had to set up a proxy server to monitor web browsing, blocking sites etc.

1) What sort of hardware do you need for this? Can it be a decent spec PC?
2) What is the best software to use?
3) Is it hard to implement?

Ta all
 
We use CensorNet here at work and run it on an old Dell OptiPlex GX100, although users do complain that it's slow at times, so it might be worth looking at running it on a better spec machine.
 
Ye, what you do is assign users a username and then generate a report to see who's browsing what.

You can also block key words/phrases, websites, file extensions. It's a really useful bit of kit.
 
The spec of the system will be entirely dependent upon the speed of your internet connection and how many concurrent users you have.

You can content filter at pretty much any level: there are firewalls out there that have rudimentary content filtering, you can do it via dedicated hardware, or you can even buy it as software-as-a-service.

There are plenty of Linux distributions out there that will do exactly what you are looking for and will run on basic x86 hardware. One that immediately springs to mind is Untangle. There is a community edition (if you're OK supporting it yourself) or a proper commercial edition too that ties into AD etc etc etc.

hope this helps! :)
 
If you want a managed service check out MessageLabs, they do email & web monitoring/filtering/AV & anti-spam. It uses Squid Proxy to forward all requests to MessageLabs, and logs everything according to username/groups. The ruleset is quite intuitive and easy to configure, and it's hassle free, someone else looks after it.

Not as cheap as in house ones I am sure, but for peace of mind, it can't be beaten.
 
OK, for the sake of this thread, where would you place the proxy server in this made up network?

net cloud -> modem/router -> Hardware Firewall -> Switch -> Internal network (1 server, 3 PCs)

Would you have it in between the firewall and switch?

Sorry, didn't have time to make a fancy Visio diagram :D
 
Basically yes. Although I never set up the proxy server, so not 100% sure. Give me 15 minutes and I'll go and have a look.

EDIT: Current setup looks like this. ->router->firewall->proxy->switch

The proxy server does have two NICs.
 
If you go firewall > proxy > switch then *all* traffic in and out will be going through the proxy...is that what you want? If you only have 1 server and 3 PCs I would probably just add a proxy server to the switch with a single NIC, configure all browsers to hit the proxy IP address and then put a policy on the firewall to only permit the proxy out to the internet for the ports you want to permit.

If you want to pursue the dual homed route with everything going through the 'proxy' then I would certainly want to be looking at a box that did more than just proxy and content filtering...you may as well maximise what you're getting out of it, i.e. scanning of network traffic for viruses, spam checking of your incoming mail before it hits your server etc etc etc.

I would seriously recommend you take a quick look at the Untangle Linux distro.
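
An added example, not part of any post in this thread: a small Python audit of firewall logs against the single-NIC design described above, where only the proxy is permitted out on chosen ports. The addresses, permitted ports and log line format are assumptions made up for the illustration.

```python
import ipaddress
from collections import Counter

# Assumptions (not from the thread): LAN range, proxy address, permitted ports.
LAN = ipaddress.ip_network("192.168.1.0/24")
PROXY = ipaddress.ip_address("192.168.1.10")
PERMITTED_PORTS = {80, 443}

# Constructed log lines in a made-up format: "<action> <proto> <src>:<port> -> <dst>:<port>"
SAMPLE_LOG = """\
ALLOW tcp 192.168.1.10:51514 -> 198.51.100.20:443
DENY tcp 192.168.1.21:49822 -> 198.51.100.20:443
ALLOW tcp 192.168.1.22:50110 -> 198.51.100.7:80
ALLOW tcp 192.168.1.10:51600 -> 203.0.113.9:25
DENY tcp 192.168.1.21:49823 -> 198.51.100.20:443
ALLOW tcp 192.168.1.22:50200 -> 192.168.1.5:445
garbage line
"""

def parse(line):
    """Return (action, src_ip, dst_ip, dst_port), or None if the line is malformed."""
    parts = line.split()
    if len(parts) != 5 or parts[3] != "->":
        return None
    try:
        src = ipaddress.ip_address(parts[2].rsplit(":", 1)[0])
        dst_host, dst_port = parts[4].rsplit(":", 1)
        return parts[0], src, ipaddress.ip_address(dst_host), int(dst_port)
    except ValueError:
        return None

def audit(log_text):
    """Check LAN-to-internet connections against 'only the proxy goes out'."""
    findings = {"policy_gap": [], "unconfigured_client": Counter(), "skipped": 0}
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            findings["skipped"] += 1
            continue
        action, src, dst, port = rec
        if src not in LAN or dst in LAN:
            continue  # internal-only traffic never crosses the firewall policy
        ok = src == PROXY and port in PERMITTED_PORTS
        if action == "ALLOW" and not ok:
            findings["policy_gap"].append(line)  # firewall rule is too permissive
        elif action == "DENY" and src != PROXY:
            findings["unconfigured_client"][str(src)] += 1  # browser not using the proxy
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_LOG))
```

Entries under `policy_gap` mean the firewall rule set needs tightening, while `unconfigured_client` counts point at machines whose browsers are still trying to go direct.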
 