Proxy Server solution - MacRumors Forums
Register FAQ / Rules Forum Spy Search Today's Posts Mark Forums Read
Go Back   MacRumors Forums > Apple Systems and Services > OS X > Mac OS X Server, Xserve, and Networking

Reply
 
Thread Tools Search this Thread Display Modes
Old Jul 8, 2011, 10:53 AM   #1
Silas1066
macrumors member
 
Join Date: Nov 2009
Proxy Server solution

I am looking to implement proxy servers at several locations in my company, and I wanted to get some advice from you guys.

A mac mini OSX server (I suppose it would be Lion at this point): it is inexpensive, doesn't require user licenses, and is easy to administer.

However, what proxy software would work with this? Squid is one possibility, but I am not sure how good it is, or how difficult it is to get to work with OSX.

Another option would be a Linux box, but I'm not sure what proxy software would work best here either.

Power and ease of administration are more important than cost.
Silas1066 is offline   0 Reply With Quote
Old Jul 11, 2011, 02:45 PM   #2
bluetick
macrumors member
 
Join Date: Mar 2010
Quote:
Originally Posted by Silas1066 View Post
I am looking to implement proxy servers at several locations in my company, and I wanted to get some advice from you guys.

A mac mini OSX server (I suppose it would be Lion at this point): it is inexpensive, doesn't require user licenses, and is easy to administer.

However, what proxy software would work with this? Squid is one possibility, but I am not sure how good it is, or how difficult it is to get to work with OSX.

Another option would be a Linux box, but I'm not sure what proxy software would work best here either.

Power and ease of administration are more important than cost.
Squid on Linux is the same Squid, as on OS X.
bluetick is offline   0 Reply With Quote
Old Jul 11, 2011, 06:24 PM   #3
edjrwinnt
macrumors newbie
 
Join Date: Mar 2008
Location: North Ridgeville, Ohio
I got the built-in proxy server in Snow Leopard Server kind of working. I can setup the HTTP part with port 80 setup on the clients but for whatever reason HTTPS with port 443 setup will not work.

If I could get past this then I would recommend the proxy server built into Snow Leopard Server.
edjrwinnt is offline   0 Reply With Quote
Old Jul 12, 2011, 02:00 PM   #4
IscariotJ
macrumors 6502a
 
Join Date: Jan 2004
Location: UK
Quote:
Originally Posted by edjrwinnt View Post
I got the built-in proxy server in Snow Leopard Server kind of working. I can setup the HTTP part with port 80 setup on the clients but for whatever reason HTTPS with port 443 setup will not work.

If I could get past this then I would recommend the proxy server built into Snow Leopard Server.
I haven't had much luck using the admin tools, ended up editing httpd.conf manually. I'll get around to posting the changes.

Apache vs Squid really depends on your requirements. Squid is relatively easy to configure for http/https proxying but can be configured to provide more advanced options such as throttling; it will even talk direct to certain Cisco switches so that traffic is automatically routed through Squid. However, depending on the size of user base and the functionality being provided it can be a resource hog ( some of the cached objects reside in memory ).

Apache is quite lightweight ( I've even got it configured as a proxy on my MBP for when I'm tethered.... ), but is worth considering if basic proxy/caching is all you're after.
__________________
32GB iPhone, 64GB iPad
IscariotJ is offline   0 Reply With Quote
Old Jul 12, 2011, 11:17 PM   #5
edjrwinnt
macrumors newbie
 
Join Date: Mar 2008
Location: North Ridgeville, Ohio
I actually got my Snow Leopard Proxy to work by setting the HTTPS proxy on the clients to use port 80 instead of port 443. Now everything works fine except Microsoft Outlook will not connect to my Exchange Server at work that using SSL to connect to a static IP Address.
edjrwinnt is offline   0 Reply With Quote
Old Jul 19, 2011, 11:27 AM   #6
hwojtek
macrumors 6502a
 
Join Date: Jan 2008
Location: A small rural village in western Poland
Squid all the way. And proper routing set up on the router in order to tunnel all port 80 requests through the Squid machine. I am running Squid (Fink) on my Leopard server and it works beautifully. I wanted to use Apache and drop my previous linuxbox at all, but I've had problems with Apache and routing in order to tunnel the traffic. While the Apache worked with the proxy set up in Network Preferences, it didn't work transparently when I tried my usual routing:
Code:
PROXY_IP=192.168.0.12
PROXY_PORT=3128
LAN_IP=`nvram get lan_ipaddr`
LAN_NET=$LAN_IP/`nvram get lan_netmask`

iptables -t nat -A PREROUTING -i br0 -s $LAN_NET -d $LAN_NET -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -i br0 -s ! $PROXY_IP -p tcp --dport 80 -j DNAT --to $PROXY_IP:$PROXY_PORT
iptables -t nat -I POSTROUTING -o br0 -s $LAN_NET -d $PROXY_IP -p tcp -j SNAT --to $LAN_IP
iptables -I FORWARD -i br0 -o br0 -s $LAN_NET -d $PROXY_IP -p tcp --dport $PROXY_PORT -j ACCEPT
in DDWRT. Since my linuxbox worked no problems, I just installed the Squid on OS X, copied my previous squid.conf, adjusted the paths and pronto.
__________________
Wojtek
More Macs than I can count, really. Like 20 or so...

Last edited by hwojtek; Jul 19, 2011 at 11:32 AM.
hwojtek is offline   0 Reply With Quote
Old Jul 19, 2011, 06:06 PM   #7
belvdr
macrumors 68040
 
Join Date: Aug 2005
I ran squid for a month or so, and didn't find it to be caching much. This is due to many URLs appearing to be dynamic to the proxy engine. Overall I cached maybe 1 GB for a family of four. It wasn't worth the effort.
belvdr is offline   0 Reply With Quote
Old Jul 21, 2011, 10:43 AM   #8
smitty97
macrumors member
 
Join Date: Jun 2006
Squid no longer runs under 10.7 Lion. Any alternatives?
smitty97 is offline   0 Reply With Quote
Old Jul 21, 2011, 11:38 AM   #9
hwojtek
macrumors 6502a
 
Join Date: Jan 2008
Location: A small rural village in western Poland
Build it from source maybe?
__________________
Wojtek
More Macs than I can count, really. Like 20 or so...
hwojtek is offline   0 Reply With Quote
Old Jul 21, 2011, 01:10 PM   #10
piccolodiavolo
macrumors newbie
 
Join Date: Jun 2011
Microsoft Forefront TMG

Hi,


Why not using a Microsoft Forefront Threat Management Gateway Appliance from company SecureGuard.

http://www.secureguard.at/Products/Small.aspx

Price is 999€ per unit (fully licensed). We have 13 of this and 4 of the 1000 series running in a mixed os (windows, mac, linux, bsd) environment.

Working like a charm!!! Really worth to go for such an appliance. You can create nice weekly, monthly web proxy reports, etc….


Greeeeeetz,


Stefan

Last edited by piccolodiavolo; Jul 21, 2011 at 01:40 PM.
piccolodiavolo is offline   0 Reply With Quote
Old Jul 23, 2011, 09:52 AM   #11
hwojtek
macrumors 6502a
 
Join Date: Jan 2008
Location: A small rural village in western Poland
Yeah, absolutely. At 1k Euro/unit this is a goddamn bargain.
__________________
Wojtek
More Macs than I can count, really. Like 20 or so...
hwojtek is offline   0 Reply With Quote
Old Jul 24, 2011, 03:40 PM   #12
smitty97
macrumors member
 
Join Date: Jun 2006
Quote:
Originally Posted by hwojtek View Post
Build it from source maybe?
ok, that worked. had to tinker with the conf file a bit, but it's running.
smitty97 is offline   0 Reply With Quote
Old Aug 9, 2011, 03:34 PM   #13
bentoms
macrumors regular
 
Join Date: Mar 2006
Quote:
Originally Posted by smitty97 View Post
ok, that worked. had to tinker with the conf file a bit, but it's running.
Please can you give steps on what you did?
bentoms is offline   0 Reply With Quote
Old Feb 17, 2013, 08:59 PM   #14
gkedge
macrumors newbie
 
Join Date: Feb 2013
Add proxy_connect_module to get SSL Forward Proxy

Quote:
Originally Posted by edjrwinnt View Post
I got the built-in proxy server in Snow Leopard Server kind of working. I can setup the HTTP part with port 80 setup on the clients but for whatever reason HTTPS with port 443 setup will not work.

If I could get past this then I would recommend the proxy server built into Snow Leopard Server.
I got this working by adding the proxy_connect_module to the Apache's server mix. OS X Snow Leopard Server Admin: Web>Settings>Modules check Enable for proxy_connect_module.

Based on Apache's description, I don't understand why it wasn't on by default if he Web service was going to attempt forward proxy caching:
Apache Module mod_proxy_connect

Note: I have to make sure that any machine using the proxy bypasses my example.com local domain, otherwise remote Server Admin (and other interesting internal stuff) isn't going to work:
*.local, *.example.com

Last edited by gkedge; Feb 17, 2013 at 09:17 PM. Reason: Had to note client bypasses to the forward caching proxy for internal host access.
gkedge is offline   0 Reply With Quote

Reply
MacRumors Forums > Apple Systems and Services > OS X > Mac OS X Server, Xserve, and Networking

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Similar Threads
thread Thread Starter Forum Replies Last Post
Mac Mini server with external RAID storage - a good file server solution? teme Digital Video 1 Mar 5, 2014 10:34 AM
Proxy Server software GoRla89 OS X Mavericks (10.9) 1 Dec 31, 2013 07:52 PM
Proxy Server ? Peace Site and Forum Feedback 1 Nov 18, 2013 03:25 PM
Problem with proxy server pm4698 MacBook Pro 0 Feb 18, 2013 12:18 PM
How to configure Mac as a proxy server (not to use a proxy server!) unfrostedpoptar Mac OS X Server, Xserve, and Networking 3 Aug 9, 2012 09:44 AM

Forum Jump

All times are GMT -5. The time now is 06:59 PM.

Mac Rumors | Mac | iPhone | iPhone Game Reviews | iPhone Apps

Mobile Version | Fixed | Fluid | Fluid HD
Copyright 2002-2013, MacRumors.com, LLC