[CentOS] proxy server - ipcop vs CentOS

Wed Aug 16 18:58:11 UTC 2006
Toby Schaefer <tschaefer at republicmo.com>


-----Original Message-----
From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On
Behalf Of Craig White
Sent: Wednesday, August 16, 2006 12:38 PM
To: CentOS mailing list
Subject: RE: [CentOS] proxy server - ipcop vs CentOS

On Wed, 2006-08-16 at 13:17 -0400, William L. Maltby wrote:
> On Wed, 2006-08-16 at 12:53 -0400, David Nalley wrote:
> > >-----Original Message-----
> > >From: centos-bounces at centos.org on behalf of Craig White
> > >Sent: Wed 8/16/2006 11:22 AM
> > >To: CentOS mailing list
> > >Subject: [CentOS] proxy server - ipcop vs CentOS
> > > 
> > >I have purchased a used Compaq DL360 which I was going to use as a
proxy
> > >server. Presently, we are using a cheap box with ipcop which is
working
> > >fine but it didn't have much RAM (64MB), etc.
> 
> IPCop itself doesn't need much. I have it installed on 3 machines,
> "lowest" is an AMD 5x86 100MHz (equiv to a 486DX?) with 32MB. A DX/2
> 66MHz aptiva with 32MB and a 200MHz Pentium with 64MB (I know, so
> wastful... just for now). The slowest (66MHz) with 3C509 half-duplex
ISA
> NICS gets 477K bytes/sec off my cable modem. The fastest gets me
almost
> 700KB (670, 680, ... depending on source site).
> 
> But I don't run anything but IPCop on those units. I have no idea what
> will happen if you start running other services on the firewall.
> 
----
I like ipcop too - this new box I am going to use has 512MB RAM and at
least 2 built-in NIC's but I am thinking of a heavy reliance upon squid
and dansguardian and I am thinking that I will get a much more versatile
firewall/proxy server using CentOS/squid/dansguardian than by using
ipcop and using their squid and trying to bring in dansguardian into the
mix - but I don't know...which is why I asked.

I am using ipcop with a few clients and it works fine - even with lesser
hardware but then, I am not exactly pushing it - which my previous
experience with squid is that it functions better with more resources
(RAM/HD) and toss in dansguardian, I think I have enough hardware to
run.

Craig

_______________________________________________
CentOS mailing list
CentOS at centos.org
http://lists.centos.org/mailman/listinfo/centos



I've used both for their respective purposes fairly extensively, and I
can say that I've always been glad that my DansGuardian/Squid boxes are
on a full distro.  I am aware that IpCop has some plugins available for
DG, but they are generally not supported by the DG team at all.

The full distro method does require a little more setup time, especially
if you are using transparent proxy; however, the ability to *fully*
configure it [and get support from the list if you need it] is well
worth the extra time it takes to harden the box from outside influences.
I will say though that depending on the number of users that you have,
DG can be quite memory hungry if you have weighted phrases turned on...
512MB may be a bit slim for >100 concurrent users.

Hope this helps,

Toby