Introduction to Proxy Servers

Do you have a growing family at home slowly eating away at your bandwidth? Maybe you're a web surfing fanatic looking for a little more speed? If you answered yes to either, a caching proxy is for you. This simple addition to your home network can provide you with additional bandwidth by reducing common internet bandwidth usage. Normally these types of proxies are found in the commercial world, but they're just as useful at home. Below is an image of a traditional multi-computer home network.


Traditional Home Network

So what is a caching proxy server? The concept is pretty simple: when a request is made to a website, that content is then saved locally on the local caching proxy server. When another request for the same data is made by any machine on your network, that data is retrieved from your local proxy rather than the internet. The content can be anything from regular website content to a file you downloaded. For those with multiple computers in a single household, the bandwidth savings really adds up with patches and multi computer driver updates. The change to the network configuration is really quite small:


Home Network with Proxy Server

At this point many are likely asking how much this costs. If you read my previous article, you would know the answer right away: "It's free and it's on Linux". I suppose I need to preface that last comment with the qualification that you need some old "junky but functional" hardware lying around. There are many different Linux solutions we can deploy to achieve this goal. For this article I have chosen a solution of Arch Linux, Shorewall, and Squid.

We selected Arch Linux because it is a rolling release and has the latest and greatest packages. If you are not familiar with the phrase "rolling release", in Linux it indicated a distribution that keeps you up-to-date with the latest software updates via the package manager. You will never have to re-install or upgrade your server from one release version to the next with this style of distribution. The great part about a rolling release on a proxy/firewall setup is that once it's set up and working correctly, you will not have to go back and completely overhaul the server when a newer distribution update comes out.

Along with the different types of OS and application solutions, there are also multiple ways to set up a caching proxy. My preferred setup is a transparent caching proxy. A transparent proxy does not require you to make any additional changes to the client computers on your network. You utilize the proxy server as your home gateway, allowing the proxy server to automatically forward the ports to Squid. The second way to utilize Squid would be to set up your client machines to utilize the proxy server via the proxy settings in your browser. Although this may be the easiest way to set up a proxy server, it requires you to make changes for any machine that attaches to your network. The table below shows what I selected for my transparent caching proxy server.

Test Proxy System
Component Description
Processor Intel Pentium 4 3.06GHz
(3.06GHz, 130nm, 512K cache, Single-core + Hyper-Threading, 70W)
Memory 2x256MB PC800 RDRAM
Motherboard Asus P4T
Hard Drives 120GB Western Digital SATA
Video Card ATI Radeon 7000
Operating Systems Arch Linux (32-bit)
Network Cards Onboard Intel Gigabit
PCI 100Mbit 3Com 3c905C-TX

I could have selected older equipment, but this is what I had laying around the house. As seen in the table, one of the hardware requirements for a transparent proxy is to have two network cards or a dual port network card. We recommend against using wireless for either of the connections to the proxy server, and a Gigabit Ethernet connection from the proxy to the rest of the network is ideal. (The connection to your broadband link can be 100Mbit without imposing any bottleneck.) Another quick suggestion: If you download a fair amount of files, it may be a wise idea to utilize at least a 120GB HDD. The idea is that the more space you have, the longer you can keep your files stored on your proxy server. With storage being so cheap, you could easily add a 500GB or larger drive for under $100.

Now that we have our hardware and a good idea what we want to set up, it's time to get installing. I'll try to keep this portion simple and to the point, although if you have questions later feel free to post a comment.

Proxy Server How To
POST A COMMENT

97 Comments

View All Comments

  • Jeff7181 - Tuesday, May 11, 2010 - link

    A Pentium 4 3.06 GHz chip with HT? Are you insane? You're going to use one of the most power hungry consumer grade CPU's of all time to run a firewall & proxy? I'm all for dinking around with old hardware and turning them into a Linux box... file server... router... whatever. But a 3.06 GHz P4???

    Regardless... I like this... in fact, I'd like you see you add DNS and Samba to the build. (hey... if you can afford the power draw of a P4, what's another 20 watts for a couple high capacity hard drives?)
    Reply
  • mariush - Tuesday, May 11, 2010 - link

    It would have been much easier to install FreeBSD and squid... it's just a question of adding pre-made packages that configure and install by themselves. Reply
  • GullLars - Wednesday, May 12, 2010 - link

    Thanks a lot for this guide. It will get a bookmark for later use. Reply
  • Brian B - Wednesday, May 12, 2010 - link

    I have a VM host system in the basement. It would be very easy to bring up a tiny VM with two virtual NICs and install LINUX. But does anyone know if this setup should function correctly? Since the VMs are in most every way just PC's on the network, I cant think of a good reason it *shouldnt* work but maybe I'm missing something... Reply
  • ChrisRice - Thursday, May 13, 2010 - link

    Yes it will work. Reply
  • CZroe - Thursday, May 13, 2010 - link

    I want to set up OpenVPN to allow me to route my Internet traffic through a certain PC from another Internet connection. I can think of many uses. For example, if I want to hide tethering traffic from my cellphone provider, I can open a an encrypted VPN tunnel using a VPN client on the tethered PC to connect to my home network's VPN server but, instead of just using it to access remote files and LAN services, I want to use it to route Internet traffic through it (through VPN connection over Internet to LAN and back out onto the 'net). I know this is possiblem I just don't know how. Reply
  • thebeastie - Thursday, May 13, 2010 - link

    I have always liked the idea of proxy servers, but the problem I have always seen with them is that people who set them up only set them up to proxy small content like web images etc and ignore some one watching a web cast of CNN or something.

    maximum_object_size 2048 MB
    ? Why bother.

    Web proxies were huge in the 90s but died away as general internet got fast or people just unfairly blamed or assumed the proxy is ruining their internet under any circumstance where the internet wasn't working.

    I think there is a bigger future in 'large content only' proxy servers where if something is more then 8megs, then cache it.

    I would say proxies were started when web images were the biggest thing on web pages in the 90s but that has turned full circle and is now the smallest thing on the internet.

    The other crazy part of it all is that a lot of web sites that have only large content like news videos go out of their way to make sure it cant be cached, why bother.
    Reply
  • Kenazo - Thursday, May 13, 2010 - link

    Not sure if it's been mentioned in any of the comments yet, but I've used Smoothwall Express with good results for home and small business use. Linux based, easy to install and can run on any garbage Pentium III you have kicking around. Reply
  • pkoi - Sunday, May 16, 2010 - link

    +1, "easy to install and can run on any garbage Pentium III you have kicking around. " Reply
  • gwolfman - Thursday, May 13, 2010 - link

    I'd go the transparent method, except for the fact that the Netflix plugin/addon for WMC (Windows Media Center) gives me a bogus error. Without the proxy, all works as is should. Anyone else run into this? Reply

Log in

Don't have an account? Sign up now