Need advice re chaining http proxies

Need advice re chaining http proxies

Post by buck » Fri, 12 May 2006 04:30:09



Requesting advice for creating a transparent proxy setup that contains
these proxies:
Privoxy
Apache
hapv

Desired:
Privoxy blocks ads
Apache, (proxy is on) caches pages
hapv (a new [ver 0.79]) virus scans incoming http.

1) How can all LAN users be forced to hit the first proxy?
2) What should the order of the proxies be?  Why?
3) What ensures that only incoming requests will hit the proxy chain?
Apache must continue to serve outside generated requests.
4) Should one or more of the proxies use localhost rather than an
internal IP?

I want hapv on the firewall machine if possible because hapv uses a
specially mounted ("mand") hard drive partition to store parts of the
file downloaded and the firewall machine is the only one that has
unpartitioned space.

Setup:
4 computers behind a Linux firewall
************
| FIREWALL |
************
   |   |   |---->[ GoToMyPC demo ]
   |   |   |----->[ Winblows ]
   V   \--------|
************|   |
| Apache    |   |
| Postfix   |   |
| FTP server|   |
************|   |
   \-->[LAN]    |
                V
******************
| NNTP           |
******************

The Apache+Postfix+FTP computer has forwarding on and SNATs lan users.
All LAN machines have gateway set to this machine.

Each of the above proxies has been installed and tested.  Setting a
browser - to proxy to each in turn - behaves correctly.

Thanks for any examples, suggestions, Etc.!
--
buck

 
 
 

1. Advice needed for network planning (Firewall, Proxy, DNS, DHCP, SMB, FTP, HTTP, SSH, VPN)

Hello folks!

I am administering a small Network with some Linux boxes as servers and some
Windows based clients.
Now i am thinking about expanding this network with some additional
features.
The purpose of my thread is, to get some advice of you guys on how you would
set this whole thing up, concerning the architecture of the network.

************
For the moment the network looks like this:

1. Linux box with 2 NICs:
    - Firewalling between NIC1 (Internet Modem) and NIC2 (LAN)
    - DNS
    - DHCP

2. Linux box:
    - Samba, being the fileserver for the network as well as the PDC and
WINS

3.-7.: Windows clients
************

Now my situation is the following:
- I want to add the following servers:
    - FTP
    - HTTP
    - VPN having access to the windows domain of samba
    - Proxy
- I have 2 further PCs at my disposal (ranging from 400MHz to 850MHz)

My question is, on how I should design this network to make most sense in
terms of security and network logic. For instance a question would be if I
can set up the Proxy on the same box as the firewall with it's two NICs, or
if I should move it to a sperate PC having also 2 NICs, and to connect it's
NIC1 to the firewall and it's NIC2 to the LAN.

For instance: Does it make sense to do the following:

DSL----(NIC1)[Linux1 being Firewall](NIC2)----(Nic1)[Linux2 being
Proxy](Nic2)----LAN
on the LAN-Switch connected:
- Linux3 being: HTTP, FTP, DNS, DHCP
- Linux4 being: SMB PDC
- 5 Win clients

or is that much to complicated and overkill?
 How would you design the network with the given hardware?
Where would you place the VPN-server which should have acess to the shares
on the SMB-fileserver?
Could I still pass via SSH from internet to the Linux boxes everywhere?

Thanks for any idea
Tom

2. Linux for (pounds)2.95!

3. apache http proxy - http/1.0 vs http/1.1

4. Monitor resolution

5. ftp client proxy ms proxy firewall http proxy unix

6. Uninstalling 3.0 and trying again

7. Daisy chaining proxies? and quick proxy tester?

8. Problems with new NVidia / Riva X-Server

9. Comparing proxies: Proxy chaining - What happens when parent is down?

10. Apache Proxy server that will transform an HTTP request in a HTTPS request

11. https to https proxy search

12. HTTPS->HTTP Proxy

13. Any http proxy to accelerate http GET method?