To install Proxy Server you'll need at least two network interface cards (NICs), one for internal connections to the proxy server and one for external connections. The external NIC should be directly connected to your Internet gateway. In addition to the roughly 12 MB of hard disk space that Proxy Server requires, you'll also need sufficient hard disk space to support the local caching of Web pages. For a small network, this could be on the order of 100 MB to 200 MB, but larger and more active networks will require substantially more—at least ten times more.
For security reasons, your internal NIC should be on a separate physical segment of the network from the external NIC. You need to ensure that all traffic stays only on the segment on which it belongs and that everything passes through the proxy server. Your external NIC should have a valid, official IP address registered to your domain. The internal NIC and all your internal machines can have either valid, registered IP addresses, or they can use IP addresses from the RFC 1918 range of privatized addresses. Normal routing rules apply on the internal segment, with the proxy server's internal IP address being the final gateway.
To install Proxy Server 2 on a Windows 2000 Server, you need to use the Microsoft Proxy Server Setup Wizard available on the Microsoft Web site at http://www.microsoft.com/proxy. This wizard will patch Microsoft Proxy Server 2 during the installation to allow it to work with Windows 2000. If you're running a later version of Proxy Server, you won't need this wizard. To install Proxy Server 2 on Windows 2000, follow these steps:
- Close all Microsoft Management Console (MMC) applications before proceeding.
- Locate the Microsoft Proxy Server Setup Wizard (Msp2wizi.exe) and start it to open the standard Microsoft license agreement screen, as shown in Figure 30-1.
Figure 30-1. The standard license agreement screen of the Microsoft Proxy Server 2.0 Setup Wizard.
- Read the license carefully and then click Yes to agree to it. (If you click No, the setup will terminate.) Once you've clicked Yes, the main wizard screen will open, as shown in Figure 30-2.
Figure 30-2. The Microsoft Proxy Server 2.0 Setup Wizard.
- Insert your Microsoft Proxy Server CD or the BackOffice 4.5 CD #3 into your CD drive, and click Continue to start the actual Microsoft Proxy Server installation program shown in Figure 30-3. If you don't have the CD inserted in the drive, a standard Browse dialog box will prompt you to locate the source folder. Click Continue.
Figure 30-3. The Microsoft Proxy Server Setup Wizard's welcome screen.
- Type in the product license key that came with your copy of Proxy Server, and click OK to continue. Your product ID will be displayed. Click OK again to open the installation location dialog box shown in Figure 30-4.
Figure 30-4. The Microsoft Proxy Server installation location dialog box.
- At this dialog box, you can change the installation location by clicking the Change Folder button. When you've chosen the location, click the large button to begin installation and set your installation options, as shown in Figure 30-5.
Figure 30-5. The Microsoft Proxy Server - Installation Options dialog box.
- Select the options you want to install for Proxy Server. The default is to install all options, requiring approximately 12 MB of free disk space. When you've made your selections, click Continue.
- The installation program will stop your Web services to install Proxy Server. When the services stop, you'll be prompted to enable caching and to choose the size and location of the cache, shown in Figure 30-6.
Figure 30-6. The Microsoft Proxy Server Cache Drives dialog box.
- Set the size and location of your local Web cache. The default is a single 100-MB cache, but this size probably won't be optimal for larger installations. You can place your cache on any NTFS drive, and you should distribute it across your available NTFS volumes. Click OK.
- The Local Address Table Configuration dialog box appears, shown in Figure 30-7. Here you can build your local address table. This table tells the proxy server which addresses are local and which addresses to expect to be outside the proxy server.
Figure 30-7. The Local Address Table Configuration dialog box.
- In the Edit box, type the range of addresses on your local network. You don't need to add any RFC 1918 privatized addresses—they'll be added automatically when you click the Construct Table button.
- Click the Add button to move a range of addresses from the Edit box to the Internal IP Ranges box. When you've added all your internal IP addresses, click the Construct Table button to open the Construct Local Address Table dialog box shown in Figure 30-8.
- To add the private IP addresses automatically, select the Add The Private Ranges To The Table check box. If you want to allow Windows 2000 to use the internal IP routing table, specify the network cards from which it should read to prevent adding addresses from the external interface. When you've made your selections, click OK.
- A setup message will appear, warning you that the automatically constructed LAT might include external addresses. Click OK again to return to the Local Address Table Configuration dialog box in Figure 30-7.
Figure 30-8. The Construct Local Address Table dialog box.
- Now you'll see the automatically configured LAT as Proxy Server is about to construct it. Edit it to remove any external addresses from the table or any other errors you encounter. If any local addresses aren't showing, add them in. When the table is correct, click OK to open the Client Installation/Configuration dialog box shown in Figure 30-9.
Figure 30-9. The Client Installation/Configuration dialog box.
- In the Client Installation/Configuration dialog box, set the options that control how clients connect to Proxy Server. The defaults use the computer's NetBIOS name and automatic configuration of the client during initial client setup. Generally, the defaults are fine, but if you have specific needs, you can modify these settings. When you've completed the settings, click OK to open the Access Control dialog box.
- If you enable access control on the WinSock and Web Proxy services (the default), only those clients that have been explicitly assigned permission to use them will be allowed access to the Internet via this proxy server. No clients will have access to the Internet until you configure the proxy server. If you clear the boxes, all clients will have access. You can change this setting from the proxy administrator later. When you've finished making your settings, click OK.
- A message appears stating that packet filtering can be enabled later. Click OK and Proxy Server will finish installing. When it completes and restarts the Web services, click Finish and you're done. Note that you'll need to reboot your server for all your settings to take effect.