Linux as Proxy Server

Is there some software that will allow me to build a Linux server and use it
as a pure proxy server? I don't need a firewall, nor do I want a firewall
to run on this server. The server only needs to have one interface.

I want to have some of my machines inside my firewall to use this new
machine as a caching proxy.

Also, from outside my firewall, I want to be able to access my firewall on a
non-standard port and have it pass the traffic to my proxy server. Then I
want the proxy server to handle the internet requests.




George

On 2007-10-03, George <(E-Mail Removed)> wrote:
> Is there some software that will allow me to build a Linux server and use it
> as a pure proxy server? I don't need a firewall, nor do I want a firewall
> to run on this server. The server only needs to have one interface.
>
> I want to have some of my machines inside my firewall to use this new
> machine as a caching proxy.


download squid and read about iptables. (caching proxy only makes
sense for HTTP, pretty much)

>
> Also, from outside my firewall, I want to be able to access my firewall on a
> non-standard port and have it pass the traffic to my proxy server. Then I
> want the proxy server to handle the internet requests.
>

I am not sure what you mean here.

i

Thanks for the reply.

What I really want is the proxy server to handle the request no mater if the
originating machine is on my network or is accessing it from the outside.

Caching would only be necessary for http and https, maybe FTP.

I will check out squid.

"Ignoramus7591" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) ...
> On 2007-10-03, George <(E-Mail Removed)> wrote:
>> Is there some software that will allow me to build a Linux server and use
>> it
>> as a pure proxy server? I don't need a firewall, nor do I want a
>> firewall
>> to run on this server. The server only needs to have one interface.
>>
>> I want to have some of my machines inside my firewall to use this new
>> machine as a caching proxy.
>
>
> download squid and read about iptables. (caching proxy only makes
> sense for HTTP, pretty much)
>
>>
>> Also, from outside my firewall, I want to be able to access my firewall
>> on a
>> non-standard port and have it pass the traffic to my proxy server. Then
>> I
>> want the proxy server to handle the internet requests.
>>
>
> I am not sure what you mean here.
>
> i

On 2007-10-03, George <(E-Mail Removed)> wrote:
> Thanks for the reply.
>
> What I really want is the proxy server to handle the request no mater if the
> originating machine is on my network or is accessing it from the outside.

This can very quickly get you in big trouble (spammers and hackers
abusing open proxies).

> Caching would only be necessary for http and https, maybe FTP.
>
> I will check out squid.

Check out squid and proxy only your internal network -- do not make it
available to the outside computers. Verify specifically that outside
machines cannot use your machine as a proxy.

i

> "Ignoramus7591" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed) ...
>> On 2007-10-03, George <(E-Mail Removed)> wrote:
>>> Is there some software that will allow me to build a Linux server and use
>>> it
>>> as a pure proxy server? I don't need a firewall, nor do I want a
>>> firewall
>>> to run on this server. The server only needs to have one interface.
>>>
>>> I want to have some of my machines inside my firewall to use this new
>>> machine as a caching proxy.
>>
>>
>> download squid and read about iptables. (caching proxy only makes
>> sense for HTTP, pretty much)
>>
>>>
>>> Also, from outside my firewall, I want to be able to access my firewall
>>> on a
>>> non-standard port and have it pass the traffic to my proxy server. Then
>>> I
>>> want the proxy server to handle the internet requests.
>>>
>>
>> I am not sure what you mean here.
>>
>> i
>

I,

I appreciate your advice. I understand completely the implications of
allowing outside hosts into my network. I have a very valid reason for
doing this. I will take all other possible precautions. My only questions
were is it technically feasible and if so, how.

Maybe when I get another machine, I will use Linux for a complete firewall
instead of my Linksys.



"Ignoramus7591" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) ...
> On 2007-10-03, George <(E-Mail Removed)> wrote:
>> Thanks for the reply.
>>
>> What I really want is the proxy server to handle the request no mater if
>> the
>> originating machine is on my network or is accessing it from the outside.
>
> This can very quickly get you in big trouble (spammers and hackers
> abusing open proxies).
>
>> Caching would only be necessary for http and https, maybe FTP.
>>
>> I will check out squid.
>
> Check out squid and proxy only your internal network -- do not make it
> available to the outside computers. Verify specifically that outside
> machines cannot use your machine as a proxy.
>
> i

On 2007-10-04, George <(E-Mail Removed)> wrote:
> I,
>
> I appreciate your advice. I understand completely the implications of
> allowing outside hosts into my network. I have a very valid reason for
> doing this. I will take all other possible precautions. My only questions
> were is it technically feasible and if so, how.
>
> Maybe when I get another machine, I will use Linux for a complete firewall
> instead of my Linksys.
>

You do not need an extra linux box to be your firewall, you can use
the box you are using for other purposes. It does not need to be
dedicated.

i

>
> "Ignoramus7591" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed) ...
>> On 2007-10-03, George <(E-Mail Removed)> wrote:
>>> Thanks for the reply.
>>>
>>> What I really want is the proxy server to handle the request no mater if
>>> the
>>> originating machine is on my network or is accessing it from the outside.
>>
>> This can very quickly get you in big trouble (spammers and hackers
>> abusing open proxies).
>>
>>> Caching would only be necessary for http and https, maybe FTP.
>>>
>>> I will check out squid.
>>
>> Check out squid and proxy only your internal network -- do not make it
>> available to the outside computers. Verify specifically that outside
>> machines cannot use your machine as a proxy.
>>
>> i
>
>

George wrote:
> Thanks for the reply.
>
> What I really want is the proxy server to handle the request no mater if
> the originating machine is on my network or is accessing it from the
> outside.
>
> Caching would only be necessary for http and https, maybe FTP.
>

https cannot be cached - the encryption codes for a given transfer are
known only to the browser and the web server, so the proxy machine
cannot see the contents and therefore cannot cache anything. If that
were not the case, then the whole concept of https would be worthless.
(It is possible to get squid to do some types of http to https
translation, but not https caching.)


> I will check out squid.
>
> "Ignoramus7591" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed) ...
>> On 2007-10-03, George <(E-Mail Removed)> wrote:
>>> Is there some software that will allow me to build a Linux server and
>>> use it
>>> as a pure proxy server? I don't need a firewall, nor do I want a
>>> firewall
>>> to run on this server. The server only needs to have one interface.
>>>
>>> I want to have some of my machines inside my firewall to use this new
>>> machine as a caching proxy.
>>
>>
>> download squid and read about iptables. (caching proxy only makes
>> sense for HTTP, pretty much)
>>
>>>
>>> Also, from outside my firewall, I want to be able to access my
>>> firewall on a
>>> non-standard port and have it pass the traffic to my proxy server.
>>> Then I
>>> want the proxy server to handle the internet requests.
>>>
>>
>> I am not sure what you mean here.
>>
>> i
>

George <(E-Mail Removed)> wrote:
> I appreciate your advice. I understand completely the implications of
> allowing outside hosts into my network.

That's not the problem we're concerned about.

You must specifically ensure that hosts outside your network cannot use
your web proxy to access other hosts outside your network.

Chris

George wrote:
> Is there some software that will allow me to build a Linux server and
> use it as a pure proxy server? I don't need a firewall, nor do I want a
> firewall to run on this server. The server only needs to have one
> interface.
>
> I want to have some of my machines inside my firewall to use this new
> machine as a caching proxy.
>
> Also, from outside my firewall, I want to be able to access my firewall
> on a non-standard port and have it pass the traffic to my proxy server.
> Then I want the proxy server to handle the internet requests.
>
>

"squid" if you want a caching proxy
"apache" with mod-proxy if you just want a pass thru proxy.

Alexander Spitzer
Bonsai Bonanza
http://www.BonsaiBonanza.com

That is exactly what I want to do. I should be able to put the proxy on
another port so that anonymous users won't be able to access the proxy.
Also, wouldn't I be able to put a password on the server.

"Chris Davies" <chris-(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> George <(E-Mail Removed)> wrote:
>> I appreciate your advice. I understand completely the implications of
>> allowing outside hosts into my network.
>
> That's not the problem we're concerned about.
>
> You must specifically ensure that hosts outside your network cannot use
> your web proxy to access other hosts outside your network.
>
> Chris