
Silas1066

macrumors regular
Original poster
Nov 1, 2009
110
0
I am looking to implement proxy servers at several locations in my company, and I wanted to get some advice from you guys.

A mac mini OSX server (I suppose it would be Lion at this point): it is inexpensive, doesn't require user licenses, and is easy to administer.

However, what proxy software would work with this? Squid is one possibility, but I am not sure how good it is, or how difficult it is to get to work with OSX.

Another option would be a Linux box, but I'm not sure what proxy software would work best here either.

Power and ease of administration are more important than cost.
 

bluetick

macrumors member
Mar 15, 2010
51
0
> I am looking to implement proxy servers at several locations in my company, and I wanted to get some advice from you guys.
>
> A mac mini OSX server (I suppose it would be Lion at this point): it is inexpensive, doesn't require user licenses, and is easy to administer.
>
> However, what proxy software would work with this? Squid is one possibility, but I am not sure how good it is, or how difficult it is to get to work with OSX.
>
> Another option would be a Linux box, but I'm not sure what proxy software would work best here either.
>
> Power and ease of administration are more important than cost.

Squid on Linux is the same Squid as on OS X.
 

edjrwinnt

macrumors member
Mar 8, 2008
66
3
North Ridgeville, Ohio
I got the built-in proxy server in Snow Leopard Server kind of working. I can set up the HTTP part with port 80 set up on the clients but for whatever reason HTTPS with port 443 set up will not work.

If I could get past this then I would recommend the proxy server built into Snow Leopard Server.
 

IscariotJ

macrumors 6502a
Jan 13, 2004
637
66
UK
> I got the built-in proxy server in Snow Leopard Server kind of working. I can set up the HTTP part with port 80 set up on the clients but for whatever reason HTTPS with port 443 set up will not work.
>
> If I could get past this then I would recommend the proxy server built into Snow Leopard Server.

I haven't had much luck using the admin tools, ended up editing httpd.conf manually. I'll get around to posting the changes.

Apache vs Squid really depends on your requirements. Squid is relatively easy to configure for http/https proxying but can be configured to provide more advanced options such as throttling; it will even talk directly to certain Cisco switches so that traffic is automatically routed through Squid. However, depending on the size of the user base and the functionality being provided it can be a resource hog (some of the cached objects reside in memory).

Apache is quite lightweight (I've even got it configured as a proxy on my MBP for when I'm tethered...), but is worth considering if basic proxy/caching is all you're after.
 

edjrwinnt

macrumors member
Mar 8, 2008
66
3
North Ridgeville, Ohio
I actually got my Snow Leopard Proxy to work by setting the HTTPS proxy on the clients to use port 80 instead of port 443. Now everything works fine except Microsoft Outlook will not connect to my Exchange Server at work that is using SSL to connect to a static IP address.
 

hwojtek

macrumors 68020
Jan 26, 2008
2,274
1,276
Poznan, Poland
Squid all the way. And proper routing set up on the router in order to tunnel all port 80 requests through the Squid machine. I am running Squid (Fink) on my Leopard server and it works beautifully. I wanted to use Apache and drop my previous linuxbox altogether, but I've had problems with Apache and routing in order to tunnel the traffic. While Apache worked with the proxy set up in Network Preferences, it didn't work transparently when I tried my usual routing:
Code:
PROXY_IP=192.168.0.12
PROXY_PORT=3128
LAN_IP=`nvram get lan_ipaddr`
LAN_NET=$LAN_IP/`nvram get lan_netmask`

iptables -t nat -A PREROUTING -i br0 -s $LAN_NET -d $LAN_NET -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -i br0 -s ! $PROXY_IP -p tcp --dport 80 -j DNAT --to $PROXY_IP:$PROXY_PORT
iptables -t nat -I POSTROUTING -o br0 -s $LAN_NET -d $PROXY_IP -p tcp -j SNAT --to $LAN_IP
iptables -I FORWARD -i br0 -o br0 -s $LAN_NET -d $PROXY_IP -p tcp --dport $PROXY_PORT -j ACCEPT
in DDWRT. Since my linuxbox worked with no problems, I just installed Squid on OS X, copied my previous squid.conf, adjusted the paths and pronto.
 

belvdr

macrumors 603
Aug 15, 2005
5,945
1,372
I ran squid for a month or so, and didn't find it to be caching much. This is due to many URLs appearing to be dynamic to the proxy engine. Overall I cached maybe 1 GB for a family of four. It wasn't worth the effort.
 

piccolodiavolo

macrumors newbie
Jun 28, 2011
2
0
Microsoft Forefront TMG

Hi,


Why not use a Microsoft Forefront Threat Management Gateway appliance from the company SecureGuard?

http://www.secureguard.at/Products/Small.aspx

Price is 999€ per unit (fully licensed). We have 13 of these and 4 of the 1000 series running in a mixed OS (Windows, Mac, Linux, BSD) environment.

Working like a charm!!! Really worth going for such an appliance. You can create nice weekly, monthly web proxy reports, etc.


Greeeeeetz,


Stefan
 

gkedge

macrumors newbie
Feb 17, 2013
1
0
Add proxy_connect_module to get SSL Forward Proxy

> I got the built-in proxy server in Snow Leopard Server kind of working. I can set up the HTTP part with port 80 set up on the clients but for whatever reason HTTPS with port 443 set up will not work.
>
> If I could get past this then I would recommend the proxy server built into Snow Leopard Server.

I got this working by adding the proxy_connect_module to Apache's server mix. In OS X Snow Leopard Server Admin: Web > Settings > Modules, check Enable for proxy_connect_module.

Based on Apache's description, I don't understand why it wasn't on by default if the Web service was going to attempt forward proxy caching:
Apache Module mod_proxy_connect

Note: I have to make sure that any machine using the proxy bypasses my example.com local domain, otherwise remote Server Admin (and other interesting internal stuff) isn't going to work:
*.local, *.example.com
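
A minimal httpd.conf forward-proxy block for the Apache setup discussed in this thread, added here as an example and not posted by any participant. It uses Apache 2.2 directives; the module paths and the 192.168.0.0/24 client range are assumptions. Clients send CONNECT to the proxy's own listening port, and mod_proxy_connect tunnels the connection to port 443 on the destination.

```apache
# Forward proxy restricted to LAN clients (Apache 2.2 syntax).
# Module paths below are assumed; adjust them to the local install.
LoadModule proxy_module          libexec/apache2/mod_proxy.so
LoadModule proxy_http_module     libexec/apache2/mod_proxy_http.so
# Needed for HTTPS: handles the CONNECT method sent by clients.
LoadModule proxy_connect_module  libexec/apache2/mod_proxy_connect.so

# Turn on forward proxying. Never enable this without the <Proxy> block below.
ProxyRequests On
# Add a Via header so proxied requests are identifiable upstream.
ProxyVia On

# Allow CONNECT tunnels to the standard HTTPS port only, so the proxy
# cannot be used to reach arbitrary TCP services.
AllowCONNECT 443

<Proxy *>
    # Weak setting to avoid: "Allow from all" here turns the server
    # into an open proxy for anyone who can reach it.
    Order deny,allow
    Deny from all
    # Assumed LAN range; replace with the real client subnet(s).
    Allow from 192.168.0.0/24
</Proxy>
```

On Apache 2.4 the three access lines inside `<Proxy *>` are replaced by `Require ip 192.168.0.0/24`.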
 