[ale] SOHO Proxy - Questions

brucelists at bellsouth.net brucelists at bellsouth.net
Thu Jun 23 12:20:34 EDT 2005


Hey all, been a while since I posted on these lists (subscribed under a new e-mail addr). A while back I had put together a one-armed http proxy using SuSE 9.1, Squid and squidGuard - plus filters from the squidGuard project. I simply pointed browsers to the proxy and away we went. After a while, I took the server down and rebuilt it into a desktop. I'm planning on putting up another proxy, and had some questions.

First: roll your own versus a distro. For SOHO use, would you simply use SuSE, Fedora, Debian, ... - and configure it - or would you download the kernel, compile and build from scratch? I'm thinking using any major distro and keeping up with security patches should be fine for a home-use proxy, not so sure about a small business / non-profit proxy though.

Second: would you combine firewall and proxy duties on one box, or build two? Right now I have a Linksys router (I know, it's not really a firewall). So - would you go brandx router crossover cable to firewall/proxy for tighter control? 

Third: three PCs are for home use, one is for business use and connects via VPN to the work network. My initial thought is to go Linksys to internal LAN, have my work PC and the proxy on the internal LAN (not the DMZ segment on my Linksys - that's a scary thought). Home PC's would be behind the proxy.

Fourth: can filters and reports be based on userid authentication, or are they IP based? I do not use DHCP at home, and manually assign everything - so it is a non-issue, but if I were to replicate the proxy for a church or for a friend - I think DHCP would be used.

Finally - while I do not use DHCP at home, if I were to build a proxy for a network that does use DHCP, could I pass the DHCP requests through the proxy server, or would I need to run firewall, proxy and dhcp all on the one box?

Also - do any of you use Viralator and CLAMAV on squid proxies? Is it an effective solution? All my Win PC's (I know, that's a bad word) - have Antivirus running, current, and scanning daily. Still we got infected when my wife snagged my work PC, opened a Hotmail attachment and infected it. I don't want to try to 'splain that at the office! (I did change the password and repeated the "don't use my work PC for anything ever" mantra - but we've had that issue before).

(if I go the Debian route - anyone downloaded Sarge stable and burned to CD? I'm not sure if I'll go Debian or SuSE - not anything against any other distros, it's just that I am slightly more familiar with those.)



More information about the Ale mailing list