Introduction to Proxy Servers

Do you have a growing family at home slowly eating away at your bandwidth? Maybe you're a web surfing fanatic looking for a little more speed? If you answered yes to either, a caching proxy is for you. This simple addition to your home network can provide you with additional bandwidth by reducing common internet bandwidth usage. Normally these types of proxies are found in the commercial world, but they're just as useful at home. Below is an image of a traditional multi-computer home network.


Traditional Home Network

So what is a caching proxy server? The concept is pretty simple: when a request is made to a website, that content is then saved locally on the local caching proxy server. When another request for the same data is made by any machine on your network, that data is retrieved from your local proxy rather than the internet. The content can be anything from regular website content to a file you downloaded. For those with multiple computers in a single household, the bandwidth savings really adds up with patches and multi computer driver updates. The change to the network configuration is really quite small:


Home Network with Proxy Server

At this point many are likely asking how much this costs. If you read my previous article, you would know the answer right away: "It's free and it's on Linux". I suppose I need to preface that last comment with the qualification that you need some old "junky but functional" hardware lying around. There are many different Linux solutions we can deploy to achieve this goal. For this article I have chosen a solution of Arch Linux, Shorewall, and Squid.

We selected Arch Linux because it is a rolling release and has the latest and greatest packages. If you are not familiar with the phrase "rolling release", in Linux it indicated a distribution that keeps you up-to-date with the latest software updates via the package manager. You will never have to re-install or upgrade your server from one release version to the next with this style of distribution. The great part about a rolling release on a proxy/firewall setup is that once it's set up and working correctly, you will not have to go back and completely overhaul the server when a newer distribution update comes out.

Along with the different types of OS and application solutions, there are also multiple ways to set up a caching proxy. My preferred setup is a transparent caching proxy. A transparent proxy does not require you to make any additional changes to the client computers on your network. You utilize the proxy server as your home gateway, allowing the proxy server to automatically forward the ports to Squid. The second way to utilize Squid would be to set up your client machines to utilize the proxy server via the proxy settings in your browser. Although this may be the easiest way to set up a proxy server, it requires you to make changes for any machine that attaches to your network. The table below shows what I selected for my transparent caching proxy server.

Test Proxy System
Component Description
Processor Intel Pentium 4 3.06GHz
(3.06GHz, 130nm, 512K cache, Single-core + Hyper-Threading, 70W)
Memory 2x256MB PC800 RDRAM
Motherboard Asus P4T
Hard Drives 120GB Western Digital SATA
Video Card ATI Radeon 7000
Operating Systems Arch Linux (32-bit)
Network Cards Onboard Intel Gigabit
PCI 100Mbit 3Com 3c905C-TX

I could have selected older equipment, but this is what I had laying around the house. As seen in the table, one of the hardware requirements for a transparent proxy is to have two network cards or a dual port network card. We recommend against using wireless for either of the connections to the proxy server, and a Gigabit Ethernet connection from the proxy to the rest of the network is ideal. (The connection to your broadband link can be 100Mbit without imposing any bottleneck.) Another quick suggestion: If you download a fair amount of files, it may be a wise idea to utilize at least a 120GB HDD. The idea is that the more space you have, the longer you can keep your files stored on your proxy server. With storage being so cheap, you could easily add a 500GB or larger drive for under $100.

Now that we have our hardware and a good idea what we want to set up, it's time to get installing. I'll try to keep this portion simple and to the point, although if you have questions later feel free to post a comment.

Proxy Server How To
POST A COMMENT

97 Comments

View All Comments

  • rahvin - Tuesday, May 11, 2010 - link

    Jetway motherboards can be configured with daughterboards that don't use the PCI slot. One of these daughterboards contains 4 gigabit realtek network interfaces. I'm running this on my linux firewall/router and it works beautifully. The only issue that was an eye catcher was the original 10/100 ethernet on the MB got configured as eth4 after adding the daughterboard which I didn't expect. Reply
  • Zok - Tuesday, May 11, 2010 - link

    Wow. You're right. Jetway AD3RTLANG gives 3 x 10/100/1000. Pair that up with one of their fanless Atom board with daughert board support (NF92-270-LF or perhaps the dual-core version) and we might have a winner. Reply
  • Zok - Tuesday, May 11, 2010 - link

    My enthusiasm got the best of me... That does sound pretty slick, but I forgot my other major gripe - 802.11n AP support (dual-band/radio, if possible). Any advancements on this? Reply
  • rahvin - Tuesday, May 11, 2010 - link

    Use the PCI slot to add a PCI wireless card. Most of the Jetway boards come with a PCI expander that tips the PCI slot parallel to the motherboard. With the right case you just add the wireless PCI card (make sure it has FOSS drivers) and you are good to go. Or you can add a PCI card that takes a mini-pci card and then hook up an external antenna. Or you can do what I did and buy a wireless AP extender that connects via network, they are just the radio and a network interface so you just run DHCP and services over the network point and everything is automatic (although if you want security like WPA2 you have to run it on the firewall/server not the AP. Reply
  • JarredWalton - Tuesday, May 11, 2010 - link

    So I've ordered a USB to Ethernet adapter, and when it arrives I'm going to try setting this up on a laptop. The 100Mbit USB-Ethernet will connect to the Internet (since my broadband caps out at under 20Mbit) while the onboard 100/1000Mbit (depending on laptop) will serve the home network. I'll then give this sort of setup a shot using both an Atom netbook and a CULV laptop to see if there's a noticeable performance difference (other than the netbook being limited to 100Mbit).

    As a side note, I plugged my current box into a Kill-A-Watt device this morning to see how much power it's using. The final tally: 125W! Ouch. What's really odd is that using the acpi-cpufreq package didn't help power at all. The initial setup was for performance, with the CPU at 2.40GHz all the time. Changing to the ondemand governor dropped the CPU speed to 1.6GHz, but power draw remained essentially unchanged. (It may have dropped one or two watts on average, but nothing significant.)

    All of that points to the reason I included the comment on the end about old hardware and electricity costs. I thought the box would be closer to 100W, but obviously not. A CULV or Atom netbook on the other hand will get me down to ~10W I think. :-)
    Reply
  • Zok - Tuesday, May 11, 2010 - link

    I can do that now, with my current router/AP. The downside - I'm not removing any current hardware from my setup, which is my goal.

    In regards to my previous post, I was more concerned with Linux software support for 802.11n in AP mode. Last I checked, it only supported client mode. I'll do some research tonight and see if there have been any advances. It's hard to give up 300 Mbps (MIMO) for 54 802.11G or even 130 Mbps ("Plane Jane N").
    Reply
  • rahvin - Thursday, May 13, 2010 - link

    Is the goal to simply eliminate devices or are you concerned about power use and flexibility? A mini-itx platform with 2.5" drives and a wireless card is going to be far more flexible than a router and it's going to use far less power than both combined. See the beauty of the home server/firewall on linux is that you can run so many services that you can't on a router. Caching DNS, Caching transparant proxy, samba, email and web filtering and AV scanning, etc. I couldn't use just a router anymore because I would pull my hair out with the limited functionality. Reply
  • dezza - Tuesday, May 11, 2010 - link

    I know you told us you're relatively new to Linux, but I would like you to consider this:

    * A rolling release brings the newest exploits
    * Configs are not specialized for the distribution and configured to work in conjunction (Like Debian)
    * ArchLinux is primarily not a server operating system. I use it as a great workstation and the happiest I've had for years .. (Earlier running Debian, Gentoo, etc.), but I've never had any great experiences with it as a server. Most of the server-packages does not work out-the-box like on Debian.

    I would choose FreeBSD/Debian for a simple proxy.

    Also I would agree that anyone who is tempting to learn Linux starts with discovering ArchLinux and it's wiki http://wiki.archlinux.org there is everything you need to know and with a good friend by your side or a friendly IRC-channel you will be up and running quickly and will not encounter the same problems like people trying out Ubuntu, because you've already learned the hard steps by configuring it yourself. On Ubuntu people always stall on simple small problems and start bumping threads in the forums, simply because they're stuck with a default system looping around in driverproblems and Xorg configuration lines

    Ubuntu ends the same place as all other easy distributions - So you can just as well use your time to read a simple installation guide step-by-step like supplied by Gentoo and ArchLinux and learn much more in shorter time than you will use writing on the Ubuntu forums for common problems.
    Reply
  • JarredWalton - Tuesday, May 11, 2010 - link

    Chris is hardly new to Linux... I'm not even "new" per se -- I used Linux (Red Hat and SuSE, plus the HP boxes at the labs) back in college in the 90s. Chris is a senior Linux engineer/admin/whatever for a major company, so he deals with configuring and running large corporate systems on a daily basis. And he likes Arch. You don't have to update regularly with a rolling release, but it allows you to do so painlessly at any time. I think the bigger reason he likes it is that you can get an Arch install lean and mean. You only install what you feel is necessary and nothing else. Reply
  • dezza - Tuesday, May 11, 2010 - link

    No you don't have to update it, but that will leave exploits open ..

    If you update you have a new risk of newly forged exploits with the rolling release.

    There is a good reason why FreeBSD and Debian devs keep packages for a while .. I would not categorize ArchLinux as suited for servers.
    Reply

Log in

Don't have an account? Sign up now