Introduction to Proxy Servers

Do you have a growing family at home slowly eating away at your bandwidth? Maybe you're a web surfing fanatic looking for a little more speed? If you answered yes to either, a caching proxy is for you. This simple addition to your home network can provide you with additional bandwidth by reducing common internet bandwidth usage. Normally these types of proxies are found in the commercial world, but they're just as useful at home. Below is an image of a traditional multi-computer home network.


Traditional Home Network

So what is a caching proxy server? The concept is pretty simple: when a request is made to a website, the returned content is saved on the local caching proxy server. When another request for the same data is made by any machine on your network, that data is retrieved from your local proxy rather than the internet. The content can be anything from regular website content to a file you downloaded. For those with multiple computers in a single household, the bandwidth savings really add up with patches and multi-computer driver updates. The change to the network configuration is really quite small:


Home Network with Proxy Server
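
The caching behavior described above can be modeled in a few lines. This is an added example, not code from the article and not Squid's implementation; the hostnames, sizes and timings are constructed. It also shows why a cache shared by every machine in the house has to skip responses marked `private` or `no-store`.

```python
class SharedCache:
    """Toy model of a shared HTTP cache (illustrative, not Squid's logic)."""
    def __init__(self):
        self.store = {}        # url -> (size_bytes, expiry_time_s)
        self.from_cache = 0    # bytes served from the local proxy
        self.from_origin = 0   # bytes pulled over the internet link

    @staticmethod
    def lifetime(cache_control):
        """Seconds a shared cache may reuse a response; None = must not store."""
        d = {}
        for part in cache_control.lower().split(","):
            name, _, value = part.strip().partition("=")
            d[name] = value
        if "no-store" in d or "private" in d:
            return None
        for key in ("s-maxage", "max-age"):  # s-maxage wins for shared caches
            if d.get(key, "").isdecimal():
                return int(d[key])
        return 0  # no explicit freshness: this model does not reuse it

    def fetch(self, now, client, url, size, cache_control):
        # 'client' is deliberately not part of the key: any machine can hit.
        cached = self.store.get(url)
        if cached and now < cached[1]:
            self.from_cache += cached[0]
            return "HIT"
        self.from_origin += size
        life = self.lifetime(cache_control)
        if life:  # None (forbidden) and 0 (no lifetime) are both not stored
            self.store[url] = (size, now + life)
        return "MISS"

# Constructed traffic: (time_s, client, url, size_bytes, origin Cache-Control)
SAMPLE = [
    (0,   "pc1",    "http://updates.example/patch.bin", 50_000_000, "public, max-age=86400"),
    (60,  "pc2",    "http://updates.example/patch.bin", 50_000_000, "public, max-age=86400"),
    (120, "laptop", "http://updates.example/patch.bin", 50_000_000, "public, max-age=86400"),
    (130, "pc1",    "http://mail.example/inbox",        200_000,    "private, max-age=300"),
    (140, "pc2",    "http://mail.example/inbox",        200_000,    "private, max-age=300"),
    (200, "pc1",    "http://news.example/",             400_000,    "max-age=60"),
    (300, "laptop", "http://news.example/",             400_000,    "max-age=60"),
]

def replay(requests):
    cache = SharedCache()
    results = [cache.fetch(*r) for r in requests]
    return results, cache.from_cache / (cache.from_cache + cache.from_origin)
```

Calling `replay(SAMPLE)` returns the per-request HIT/MISS list and the fraction of bytes served locally; the second and third patch downloads are the only hits, because the inbox is `private` and the news page has expired by the time it is requested again.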

At this point many are likely asking how much this costs. If you read my previous article, you would know the answer right away: "It's free and it's on Linux". I suppose I need to preface that last comment with the qualification that you need some old "junky but functional" hardware lying around. There are many different Linux solutions we can deploy to achieve this goal. For this article I have chosen a solution of Arch Linux, Shorewall, and Squid.

We selected Arch Linux because it is a rolling release and has the latest and greatest packages. If you are not familiar with the phrase "rolling release", in Linux it indicates a distribution that keeps you up-to-date with the latest software updates via the package manager. You will never have to re-install or upgrade your server from one release version to the next with this style of distribution. The great part about a rolling release on a proxy/firewall setup is that once it's set up and working correctly, you will not have to go back and completely overhaul the server when a newer distribution update comes out.

Along with the different types of OS and application solutions, there are also multiple ways to set up a caching proxy. My preferred setup is a transparent caching proxy. A transparent proxy does not require you to make any additional changes to the client computers on your network. You utilize the proxy server as your home gateway, allowing the proxy server to automatically forward the ports to Squid. The second way to utilize Squid would be to set up your client machines to utilize the proxy server via the proxy settings in your browser. Although this may be the easiest way to set up a proxy server, it requires you to make changes for any machine that attaches to your network. The table below shows what I selected for my transparent caching proxy server.

Test Proxy System

| Component | Description |
|---|---|
| Processor | Intel Pentium 4 3.06GHz (3.06GHz, 130nm, 512K cache, Single-core + Hyper-Threading, 70W) |
| Memory | 2x256MB PC800 RDRAM |
| Motherboard | Asus P4T |
| Hard Drives | 120GB Western Digital SATA |
| Video Card | ATI Radeon 7000 |
| Operating Systems | Arch Linux (32-bit) |
| Network Cards | Onboard Intel Gigabit; PCI 100Mbit 3Com 3c905C-TX |

I could have selected older equipment, but this is what I had lying around the house. As seen in the table, one of the hardware requirements for a transparent proxy is to have two network cards or a dual-port network card. We recommend against using wireless for either of the connections to the proxy server, and a Gigabit Ethernet connection from the proxy to the rest of the network is ideal. (The connection to your broadband link can be 100Mbit without imposing any bottleneck.) Another quick suggestion: if you download a fair number of files, it may be a wise idea to utilize at least a 120GB HDD. The idea is that the more space you have, the longer you can keep your files stored on your proxy server. With storage being so cheap, you could easily add a 500GB or larger drive for under $100.

Now that we have our hardware and a good idea what we want to set up, it's time to get installing. I'll try to keep this portion simple and to the point, although if you have questions later feel free to post a comment.


96 Comments


  • KaarlisK - Tuesday, May 11, 2010 - link

    A semi old machine probably won't have any virtualization instructions.
    I fear to think what will happen when you chain these virtual machines together :D though I may be completely wrong.
  • JarredWalton - Tuesday, May 11, 2010 - link

    Virtualization may be the answer, but what was the question? "What is the answer to life, the universe, and everything?" Virtualization! And 42.

    Good night, all!
  • ChrisRice - Tuesday, May 11, 2010 - link

    I agree with this statement completely. Setting up a KVM/VMware server is a great way to get even more use out of your centralized computer. With the proper hardware and switching you can go one further and make it fail over in case of an outage "Ya I know a bit overdone for home but a lot of fun".
  • mindless1 - Tuesday, May 11, 2010 - link

    Once you get your target for memory caching you can determine how old a system will suffice based on reasonably upgradable memory capacity. For example, a Pentium II/350MHz with 768MB of memory would suffice for many home users, but alas you probably want a more modern, not worn out old, hard drive that uses SATA.

    It's not hard to get power consumption down low though, follow the same standards for underclocking that you would for overclocking, remembering that the typical bottlenecks are not memory or bus frequency, or CPU processing capability. As with the hard drive there is yet another issue, a box like this you would typically plan to set up and use for years at a time so if you pick a box already 5 years old that would've lasted 10 years total, do you want to have to do the project over again for no reason other than to avoid having spent a few dollars more now?
  • chromatix - Tuesday, May 11, 2010 - link

    I've had a setup very like this for about a decade, using everything from a 486SX/25 running Red Hat 6.1 up to an Athlon-XP 2500 with a RAID-5 array, and back down to a redundant PowerBook G3 running Gentoo. I happen to run a caching DNS server as well on the same box, partly because at various times I've found ISP DNS service to be unreliable.

    The G3 is *silent*, and sufficiently powerful both to do its job and compile Gentoo updates. It's the best use I've found for an old PowerBook ever. It even still has a few minutes of life in the built-in UPS, and if I wanted to I could extend that to about 5 hours for about €100. ;-)

    There are some downsides to Squid. As an enterprise-grade tool it has a very slow development cycle, and the stable versions do not yet support IPv6 and - as Peacekeeper demonstrates - have trouble with some recent webservers. In general though it works well.
  • EvilIgor - Tuesday, May 11, 2010 - link

    I would recommend Smoothwall instead. But this is a lot more powerful than just a proxy.
  • ChrisRice - Tuesday, May 11, 2010 - link

    Smoothwall is another great product that I have used in the past. It's a very easy setup with a nice GUI interface. However I have found over the past few times I have worked with Smoothwall that it is lacking in features compared to a more traditional Linux setup.
  • rahvin - Tuesday, May 11, 2010 - link

    Chris,

    I believe you are making a mistake to assume that the user has configured their interfaces exactly as the 2-interface example. If I were you, I would edit the article and add an edit of the interfaces file to correct the zones to match the network configuration the user has chosen or tell the user that the internet needs to be on a particular interface.

    FWIW I agree with your choice of Shorewall, although less popular it's far more configurable than most of the other packages although you have to be accustomed to the "linux/unix" way of management (ie text configuration files). I'm glad you pointed users to it, although I would be happier if you suggested Debian as it's easier to manage security updates IMO, and that's a critical feature for a persistently connected box.
  • LiamC - Thursday, May 13, 2010 - link

    What features (mentioned in your article) would it be missing? If you just want a (transparent) proxy that handles account authentication and DHCP, then Smoothwall fits the bill--and also acts as a firewall. And it is very easy to set up.
  • Exodite - Tuesday, May 11, 2010 - link

    I suppose I'm spoiled by living in a country with decent network standards but to me the obvious solution would be to just get rid of the router and modem and plug your home switch straight into the ethernet wall outlet. :)

    Oh well.
