Introduction to Proxy Servers
Do you have a growing family at home slowly eating away at your bandwidth? Maybe you're a web surfing fanatic looking for a little more speed? If you answered yes to either, a caching proxy is for you. This simple addition to your home network can provide you with additional bandwidth by reducing common internet bandwidth usage. Normally these types of proxies are found in the commercial world, but they're just as useful at home. Below is an image of a traditional multi-computer home network.
Traditional Home Network
So what is a caching proxy server? The concept is pretty simple: when a request is made to a website, the returned content is saved on the local caching proxy server. When any machine on your network later requests the same data, it is retrieved from your local proxy rather than the internet. The content can be anything from regular website content to a file you downloaded. For those with multiple computers in a single household, the bandwidth savings really add up with patches and multi-computer driver updates. The change to the network configuration is really quite small:
Home Network with Proxy Server
At this point many are likely asking how much this costs. If you read my previous article, you would know the answer right away: "It's free and it's on Linux". I suppose I need to preface that last comment with the qualification that you need some old "junky but functional" hardware lying around. There are many different Linux solutions we can deploy to achieve this goal. For this article I have chosen a solution of Arch Linux, Shorewall, and Squid.
We selected Arch Linux because it is a rolling release and has the latest and greatest packages. If you are not familiar with the phrase "rolling release", in Linux it indicates a distribution that keeps you up-to-date with the latest software updates via the package manager. You will never have to re-install or upgrade your server from one release version to the next with this style of distribution. The great part about a rolling release on a proxy/firewall setup is that once it's set up and working correctly, you will not have to go back and completely overhaul the server when a newer distribution update comes out.
Along with the different types of OS and application solutions, there are also multiple ways to set up a caching proxy. My preferred setup is a transparent caching proxy. A transparent proxy does not require you to make any additional changes to the client computers on your network. You utilize the proxy server as your home gateway, allowing the proxy server to automatically forward the ports to Squid. The second way to utilize Squid would be to set up your client machines to utilize the proxy server via the proxy settings in your browser. Although this may be the easiest way to set up a proxy server, it requires you to make changes for any machine that attaches to your network. The table below shows what I selected for my transparent caching proxy server.
Test Proxy System | |
Component | Description |
Processor | Intel Pentium 4 3.06GHz (3.06GHz, 130nm, 512K cache, Single-core + Hyper-Threading, 70W) |
Memory | 2x256MB PC800 RDRAM |
Motherboard | Asus P4T |
Hard Drives | 120GB Western Digital SATA |
Video Card | ATI Radeon 7000 |
Operating Systems | Arch Linux (32-bit) |
Network Cards | Onboard Intel Gigabit; PCI 100Mbit 3Com 3c905C-TX |
I could have selected older equipment, but this is what I had lying around the house. As seen in the table, one of the hardware requirements for a transparent proxy is to have two network cards or a dual-port network card. We recommend against using wireless for either of the connections to the proxy server, and a Gigabit Ethernet connection from the proxy to the rest of the network is ideal. (The connection to your broadband link can be 100Mbit without imposing any bottleneck.) Another quick suggestion: if you download a fair amount of files, it may be a wise idea to utilize at least a 120GB HDD. The idea is that the more space you have, the longer you can keep your files stored on your proxy server. With storage being so cheap, you could easily add a 500GB or larger drive for under $100.
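Added example (not from the original article): once Squid is running, its access.log shows how much traffic the cache actually served locally. The sketch below parses lines in Squid's native log format and reports the byte hit ratio plus any clients outside the LAN; the log lines, the 192.168.1.0/24 range and the function name are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

LAN = ipaddress.ip_network("192.168.1.0/24")  # assumed home LAN range

# Constructed sample in Squid's native access.log format:
# time elapsed client code/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1273593600.101    412 192.168.1.10 TCP_MISS/200 5242880 GET http://updates.example.com/patch.exe - DIRECT/203.0.113.5 application/octet-stream
1273593700.202      9 192.168.1.11 TCP_HIT/200 5242880 GET http://updates.example.com/patch.exe - NONE/- application/octet-stream
1273593800.303      3 192.168.1.12 TCP_MEM_HIT/200 20480 GET http://www.example.com/logo.png - NONE/- image/png
1273593900.404    150 192.168.1.10 TCP_MISS/200 81920 GET http://www.example.com/index.html - DIRECT/203.0.113.6 text/html
1273594000.505      1 10.9.9.9 TCP_DENIED/403 1500 GET http://www.example.com/ - NONE/- text/html
this line is truncated
"""

def summarize(log_text, lan=LAN):
    """Tally bytes served from cache vs. fetched, and flag non-LAN clients."""
    per_client = defaultdict(lambda: {"hit": 0, "miss": 0})
    denied, outside = set(), set()
    for line in log_text.splitlines():
        f = line.split()
        if len(f) < 7 or "/" not in f[3] or not f[4].isdigit():
            continue  # malformed or truncated line
        try:
            addr = ipaddress.ip_address(f[2])
        except ValueError:
            continue  # client field is not an IP address
        code, size = f[3].split("/")[0], int(f[4])
        if addr not in lan:
            outside.add(f[2])  # a home proxy should only ever see LAN clients
        if "DENIED" in code:
            denied.add(f[2])   # blocked by an access rule; no content served
        elif "HIT" in code or code == "TCP_REFRESH_UNMODIFIED":
            per_client[f[2]]["hit"] += size   # body came from the cache
        else:
            per_client[f[2]]["miss"] += size  # body fetched from the internet
    hit = sum(c["hit"] for c in per_client.values())
    miss = sum(c["miss"] for c in per_client.values())
    ratio = hit / (hit + miss) if hit + miss else 0.0
    return {"hit_bytes": hit, "miss_bytes": miss, "byte_hit_ratio": ratio,
            "per_client": dict(per_client), "denied": sorted(denied),
            "outside_lan": sorted(outside)}

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print(f"byte hit ratio: {report['byte_hit_ratio']:.1%}")
    print("clients outside LAN:", report["outside_lan"])
```

An address in `outside_lan` that is not also in `denied` means the proxy answered a request from beyond the home network, which is worth investigating.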
Now that we have our hardware and a good idea what we want to set up, it's time to get installing. I'll try to keep this portion simple and to the point, although if you have questions later feel free to post a comment.
96 Comments
dilidolo - Tuesday, May 11, 2010 - link
I use pfSense as my firewall and wireless AP. Just use an old PC with a PCI wireless card and you are set, not even a wireless router.
JarredWalton - Tuesday, May 11, 2010 - link
You can of course go that route. You could make the Linux box your router and DHCP source. But most people already have a wireless router so connecting to that makes sense to me. I'd have to purchase a wireless PCI card to put in a Linux box, and traditionally wireless cards have far more limited range than routers (due to the single small antenna and sub-optimal location of being behind a large computer).
But as with all things Linux, there are many ways to set things up. This was a short article to introduce a useful concept that many users likely haven't thought about.
leexgx - Tuesday, May 11, 2010 - link
I was going to question the same thing, but then I thought the last time I set up IPCop I would have done the same thing: disable the DHCP server and use it as a hub/AP.
The main thing I loved with IPCop was the bandwidth throttle: I could cap it 5KB under my upload limit, I could set uTorrent or eMule to full upload speeds, and I could still play games online lag free (but removed due to lack of supporting UPnP; I needed it for MSN remote support and games that required UPnP {bit lame} at all; hope this review used a Linux distro with a UPnP server on the LAN side, and I had a look and it did not).
Zok - Tuesday, May 11, 2010 - link
I've always wanted to tackle something like this, but the power draw has always been the biggest turn off. If average power consumption hovers around 100W, that's about $105/year for the American average.
I'd love to ditch my router/AP, but, sadly, I just don't see the benefit of replacing it with something that's significantly more power hungry, unable to act as a dual-band 802.11n AP (last I checked, the drivers weren't out yet for AP mode, if ever), would cost nearly as much as a good dedicated device to outfit with 3-4 additional LAN ports, and is typically physically large and hideous - not to mention the PITA of hours of initial setup and troubleshooting, when you're not a Linux expert.
In my dreams, I wish there would simply be a beefier all-in-one WRT54G-like device running an Atom, supported dual-band 802.11n radio(s), and SATA, allowing for full-blown Linux in a compact package that would be so win.
JarredWalton - Tuesday, May 11, 2010 - link
Depends on where you live, obviously, though the national average appears to be just over $0.10 per kWh:
http://www.eia.doe.gov/electricity/epm/table5_6_a....
That's why I mention the attractiveness of a Mini-ITX setup, particularly with Atom or similar. Most nettops use a maximum of around 25W, so that would be 1/4 the cost of a typical system, and a nettop is about the same size as a standard router. Too bad they don't have two NICs.
Zok - Tuesday, May 11, 2010 - link
I've explored such a scenario. Unfortunately, at this point, the best it seems I can do is the Mini-ITX router going to the 802.11n AP. Adding another device into the network (upfront cost + power), without removing any others seems like a poor value proposition to me, at least with FiOS speeds.
Don't get me wrong, I like the idea. I'm just waiting for someone to come along and actually produce a fully-integrated device (x86 CPU, memory, mobo, 4-5 Ethernet ports, Linux-AP supported 802.11n radios, case - without using large expansion cards/slots) that is under $250 and isn't awkwardly large and ugly. Having the 4-5 port switch and (potentially) the radios integrated into the motherboard itself is what I am looking for, although I'd be OK with Mini-PCIe for the radios.
taltamir - Tuesday, May 11, 2010 - link
I am pretty much in the same boat.
at my power rate a 24/7/365 device costs me about 1$ per watt per year.
so putting a 75 watt old computer there is another 75$ a year...
I can't wait to ditch my router for a linux based router, but it doesn't seem to be happening.
Actually, it doesn't even need to be an x86 CPU, any CPU will do. ARM and PowerPC are both supported by linux
ChrisRice - Tuesday, May 11, 2010 - link
There are various power saving techniques you can use to keep the power down as well. If your processor supports speed stepping you can utilize that as well as powering down actual hardware until use is needed. I wanted to keep the article short so I didn't get into those areas.
clarkn0va - Friday, May 14, 2010 - link
http://www.newegg.ca/Product/Product.aspx?Item=N82...
A little over your stated budget, but good value nonetheless. Throw a supported wireless card (try ubnt.com) into the spare slot, add your favourite distro and life is good.