Configuring OSX as a proxy server

Silas1066
Mar 13, 2011, 10:41 AM
I am looking to put in some proxy servers in remote locations on my national network.

Needless to say, I don't want to use Windows ISA for this.

I could put in a Squid server running on some flavor of Linux, but I am wondering if the same thing can be done on OSX. Since there are no user licenses, and a mac mini is very inexpensive, it looks to be a good solution.

Any advice would be appreciated: just looking for a simple setup that will allow for proxy and logging, nothing crazy.



robbieduncan
Mar 13, 2011, 10:42 AM
SquidMan (http://web.me.com/adg/squidman/index.html)

IscariotJ
Mar 13, 2011, 03:40 PM
> I am looking to put in some proxy servers in remote locations on my national network.
>
> Needless to say, I don't want to use Windows ISA for this.
>
> I could put in a Squid server running on some flavor of Linux, but I am wondering if the same thing can be done on OSX. Since there are no user licenses, and a mac mini is very inexpensive, it looks to be a good solution.
>
> Any advice would be appreciated: just looking for a simple setup that will allow for proxy and logging, nothing crazy.

If all you're after is simple proxying (and maybe caching, URL blocking), OSX Server out of the box is more than capable. For anything a bit advanced, you can't go wrong with Squid (and it compiles nicely on OSX).

Silas1066
Mar 13, 2011, 05:57 PM
Couple questions:

Does SquidMan also provide proxy services for other clients? In other words, does it only work for your local machine (127.0.0.1)? Or can I point other machines to the mac running SquidMan (on port 8080)?

Does Mac OSX Server come with a caching proxy server built in? I see that you can do reverse-proxy in accordance with the remote access stuff, but I am just looking for caching (and logging) proxy capabilities for my internal clients.

robbieduncan
Mar 13, 2011, 06:06 PM
> Does SquidMan also provide proxy services for other clients? In other words, does it only work for your local machine (127.0.0.1)? Or can I point other machines to the mac running SquidMan (on port 8080)?

All clients (assuming you don't firewall it).

belvdr
Mar 14, 2011, 09:44 AM
If you're proxying for caching of Internet requests, you may find it to have a very low ROI. Many of the URLs appear dynamic to proxy engines, so they don't cache the content. I tested Squid with WCCP in my home and couldn't get much caching to occur.

But, if you're looking for in-house WAN acceleration, I'd suggest looking at BlueCoat. They can proxy as well and have a very good GUI breaking down the acceleration of individual services.

myjay610
Mar 14, 2011, 11:54 AM
> If you're proxying for caching of Internet requests, you may find it to have a very low ROI. Many of the URLs appear dynamic to proxy engines, so they don't cache the content. I tested Squid with WCCP in my home and couldn't get much caching to occur.
>
> But, if you're looking for in-house WAN acceleration, I'd suggest looking at BlueCoat. They can proxy as well and have a very good GUI breaking down the acceleration of individual services.

Little bit of a price jump, no?

belvdr
Mar 14, 2011, 02:40 PM
> Little bit of a price jump, no?

He mentioned the words "national network" so it may not be. What solution would you recommend? If it's for caching, the internal SATA drives and no second NIC on the mini could easily hamper performance.

Silas1066
Mar 15, 2011, 09:07 AM
I have Cisco ASA firewalls in all the remote branches, and we use Proofpoint for virus filtering, etc., so Bluecoat isn't really needed here.

What I need is

1. Caching
2. Reporting (able to view logs of activity, see where people are going, etc.)
3. Blocking (if possible - I know Squid can do that)

In order to run SquidMan, do I need 2 network adapter cards? Will it do the stuff listed above?

belvdr
Mar 15, 2011, 11:04 AM
> I have Cisco ASA firewalls in all the remote branches, and we use Proofpoint for virus filtering, etc., so Bluecoat isn't really needed here.
>
> What I need is
>
> 1. Caching
> 2. Reporting (able to view logs of activity, see where people are going, etc.)
> 3. Blocking (if possible - I know Squid can do that)
>
> In order to run SquidMan, do I need 2 network adapter cards? Will it do the stuff listed above?

BlueCoat does caching/proxying. ASAs and virus scanning don't equate to "no BlueCoat" any more than they equate to "no caching". I can tell you this because we use ASAs and BlueCoat. It even accelerated some of the live meetings our users attend. I can tell you BlueCoat fits this situation perfectly and is easily managed, but I digress.

Are you looking to cache Internet or internal web content? Internet caching is not what it used to be. Many URLs used confuse the proxy into thinking it is uncacheable (dynamic).

It's also possible (with particular devices) to accelerate all WAN content. For example, we have a caching device in our corporate data center, and then have devices that accelerate the WAN. Of course, all sites come through corporate for Internet access. The end solution is that we can cache and accelerate almost all traffic on the WAN, especially email and other non-HTTP content.

It depends on where you place the proxy for the NIC count. If you use WCCP (possible with the ASAs), you only need one NIC. Of course, depending on traffic, your network, and number of users, it could overwhelm the NIC.
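
Added example, not part of any post in this thread: a short Python report over Squid's native access.log format, covering the reporting and blocking requirements listed above plus the request hit ratio that shows whether caching is paying off. The log lines are constructed sample data, and the function names are illustrative.

```python
from collections import Counter, defaultdict
from urllib.parse import urlsplit

# Constructed sample lines in Squid's native access.log format:
# time elapsed client action/code bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1300201620.101    120 10.1.2.15 TCP_MISS/200 5120 GET http://news.example.com/index.html - DIRECT/192.0.2.10 text/html
1300201621.340      3 10.1.2.15 TCP_HIT/200 20480 GET http://news.example.com/logo.png - NONE/- image/png
1300201625.007    250 10.1.2.22 TCP_MISS/200 900 GET http://shop.example.net/cart?id=42 - DIRECT/192.0.2.20 text/html
1300201630.555      1 10.1.2.22 TCP_DENIED/403 1500 GET http://blocked.example.org/ - NONE/- text/html
1300201633.210    410 10.1.2.15 TCP_MISS/200 3100 CONNECT mail.example.com:443 - DIRECT/192.0.2.30 -
1300201640.900      2 10.1.2.22 TCP_MEM_HIT/200 20480 GET http://news.example.com/logo.png - NONE/- image/png
this line is truncated
"""

def host_of(method, url):
    """CONNECT entries log host:port; other methods log a full URL."""
    if method == "CONNECT":
        return url.rsplit(":", 1)[0]
    return urlsplit(url).hostname or url

def summarize(lines):
    visits = defaultdict(Counter)   # client IP -> Counter of hosts
    denied = []                     # (client, host) pairs Squid refused
    hits = total = skipped = 0
    for line in lines:
        f = line.split()
        if len(f) < 10 or "/" not in f[3]:
            skipped += 1            # malformed or truncated entry
            continue
        client, action, method, url = f[2], f[3].split("/")[0], f[5], f[6]
        host = host_of(method, url)
        if "DENIED" in action:
            denied.append((client, host))
            continue
        total += 1
        hits += "HIT" in action     # TCP_HIT, TCP_MEM_HIT, TCP_REFRESH_HIT, ...
        visits[client][host] += 1
    ratio = hits / total if total else 0.0
    return {"visits": visits, "denied": denied, "hit_ratio": ratio, "skipped": skipped}

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG.splitlines())
    for client, hosts in sorted(report["visits"].items()):
        print(client, hosts.most_common(3))
    print("denied:", report["denied"])
    print(f"request hit ratio: {report['hit_ratio']:.0%}")
```

To run it against a real log, pass the open file object to `summarize()` in place of the sample lines.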