Modern businesses usually set up strict firewall rules to protect their network from unauthorized access. A proxy server is essential in allowing users on the office network to access blocked Internet resources. It also helps IT administrators efficiently manage network bandwidth by reducing unnecessary HTTP/HTTPS requests. Furthermore, a proxy server can also assist users in bypassing regional locks and restricted websites/services while travelling abroad. Now users can turn their QNAP NAS into a Proxy Server by installing the Proxy Server QPKG.
Please note: Proxy Server supports all Intel/AMD x86-based NAS, the TS-269H, TS-531P, TS-x31 series, and TS-31+ series. They must use QTS 4.2.1 (or newer). Based on the HTTPS request, Proxy Server cannot cache files but will still follow access control rules.
For old ARM models, please refer to below link for more information:
- Before starting
- Cache: Improve response time and save bandwidth
- Access Control: Make rules to allow/block certain users from connecting to certain websites
- Log Settings: Record connection information
- Antivirus: Perform packet inspection from Proxy Server to ensure a non-harmful Internet environment
- Advanced Settings
- Scenario: Combination of Proxy Server and VPN
- Proxy Client: Windows 10
- Proxy Client: Mac OS
- Proxy Client: Internet Explorer 11
- Proxy Client: iOS
- Proxy Client: Android
1. Ensure that “Proxy Server” is installed in the App Center.
2. Open “Proxy Server” to enter the setup page. You can enter each subpage on the left menu to change settings.
- Cache: Enable to decrease bandwidth usage and improve access efficiency. This app supports disk cache and memory cache.
- Access Control: Set rules by specifying source and destination addresses.
- Log settings: Enable to save HTTP/HTTPS requests to a system log.
- Antivirus: Scan Proxy Server's cached files to ensure system security.
- Settings: Change advanced settings for Proxy Server.
With this function, when a user accesses websites or downloads files the system will also store them in the NAS. If other users then access the same websites or files, they will be read from the NAS instead of downloading the same data again. This can help save bandwidth and also enhance the speed and efficiency of using the Internet.
With the perfect combination of NAS and Proxy Server, the large storage capacity can be used to store a massive cache, and provides fast R/W and network speeds to accelerate access to previously-viewed websites and files.
Please refer to the below steps to set up the cache function:
1. Click the Status switch to "On".
2. Set the relative registers:
- Location: Choose the data volume to store the cache on.
- Cache directory size: Enter the disk space to reserve for the cache.
- Minimum file size for disk cache/Maximum file size for disk cache: Enter the minimum/maximum size of files that can be cached. The system will not cache files that are out of this range.
- Cache swap floor/Cache swap ceiling: The system will follow these values for deleting older cached files. When the cache storage reaches the ceiling percentage, the system will delete cached files until it reaches the floor percentage.
Please note: TS-x59 models and the TS-269H can only store the cache on the default data volume.
3. Check “Enable additional memory caching” to use the memory cache function.
Please note: This function can adversely impact NAS performance. Please use it carefully.
Proxy Server will reserve 10MB RAM for every 1GB you assign as a disk cache and the system will reserve 15MB RAM for itself. So if you assign 6GB as a disk cache and set the additional cache memory size to 16MB, the total RAM usage of the Proxy Server will be 91MB ((6*10)+15+16).
- Additional cache memory size: The system will use this value as an additional memory cache.
- Maximum file size for memory cache: The system will not cache files that are larger than this value.
4. Click the top-right “Clear Disk Cache” to delete all of the cached files.
With this function, you can set access rules to select what users can access certain websites via Proxy Server. For example, you can set the rule to deny employees from accessing Facebook.
Please refer to the below steps to set up access controls:
1. Click the top-right “Create” button to add access rules.
When no rules exist, the default settings allow any website to be accessed by any device via Proxy Server.
- Action: Create an“Allow” or “Deny” rule.
- Type: Choose a “Source IP”, “Source hostname” or “Source MAC address” to decide which users can access Proxy Server. Choose a “Destination IP” or “Destination hostname” to allow/deny access to this destination.
- IP or Hostname: Based on the chosen type, enter the corresponding information.
Executable format types include:
Source IP: Can set a single IP or a range of IP addresses.
- Specfic IP address (ex. 172.17.32.5)
- A range of IP addresses (ex. 172.17.32.100-172.17.32.200)
- IP address and netmask using CIDR notation (ex. 172.17.32.0/24)
Source hostname: Can set a single hostname or domain name.
- Single hostname (ex. www.qnap.com)
- Domain name (ex. .qnap.com)
Source MAC address: Can set a MAC address of a source device.
Single MAC address (ex. 00:08:9B:C9:14:A2)
Destination IP: Can set a single IP or range of IP addresses of destination websites.
- Specfic IP address (ex. 220.127.116.11)
- A range of IP address (ex. 18.104.22.168-22.214.171.124)
- IP address and netmask using CIDR notation (ex. 126.96.36.199/24)
Destination hostname: Can set a single hostname or domain name.
- Single hostname (ex. www.google.com)
- Domain name (ex. .google.com)
2. After adding access rules you need to arrange their priority. Proxy Server will check the rules from top to bottom. If any rule matches the request, Proxy Server will stop checking for other rules. If no rules match, Proxy Server will deny these requests by default.
Using the below images for example, we have set a rule so that no-one can access Facebook and only 172.17.32.5 can access Proxy Server. But if you change the order, only 172.17.32.5 can access all destinations via Proxy Server. So generally you must set deny rules as the highest priority to guarantee they will be triggered prior to allowing rules.
3. Based on created rules, you can choose “ ” to edit, “ ” to delete and “ ”, “ ” or drag and drop to adjust the priority.
With this function, Proxy Server will record connection logs to generate statistics for user preferences and habits to aid network management.
Please refer to the below steps to set up Log settings:
1. Click the Status switch to "On". Use the right “Export log” button to download existing logs and “Clear log” can delete existing logs.
Enable “Send logs to syslog server” and enter a server IP and UDP port to send records to a syslog server.
With antivirus, the system will scan websites or files accessed using Proxy Server to protect your data and other devices in your local network.
The Antivirus function is currently only supported by Intel/AMD x86-based NAS, the TS-269H, TS-531P, and TS-31+ series.
Please refer to the below steps to set up antivirus:
1. Click the Status switch to "On" to enable antivirus. When first enabled, the system will need to update virus definitions from “Control Panel” > “Antivirus”.
2. After enabling this function you can set up a whitelist (file types on the white list will not be scanned.) Enable “File types” then choose from the list or set manually.
3. Enable “Account” to let trusted users use Proxy Server without having their files scanned for viruses.
Please note: You must check “Enable authentication” in the “Settings” page before using this function.
4. Enable “Maximum file size for scanning” to set the upper limit for file size. Files exceeding this size will not be scanned.
Here you can fine tune and customize Proxy Server including the default port number, NAS account authentication and more.
Please refer to the below steps to set up advanced settings:
1. Change the Proxy Server port (the default is 3128.)
Please note: For external access to Proxy Server, please manually set the port forwarding in your router or use “myQNAPcloud” > “Auto Router Configuration” > “Enable UPnP port forwarding” to open the port.
2. Check “Enable authentication” to set access rights to Proxy Server. You can set to allow all NAS users or, allow these specified user groups, or allow these specified users.
3. Check “Enable advanced settings” to customize Proxy Server by editing the configuration file.
Please note: For “Access Control” settings, you need to connect your NAS via SSH to modify the files in /usr/local/squid/etc/acl_http.conf and /usr/local/squid/etc/acl.conf. For more information about editing the configuration file, please refer to:
4. Click “Restore to default” to reset all settings for Proxy Server.
With the combination of VPN and Proxy Server, you can easily connect the internet environments of two locations to construct a virtual private network and use Proxy Server to decide which one can access this private tunnel and cache the access files to enhance efficiency.
For example, an IT department can use the VPN server and client features to connect a home office and overseas division and use Proxy Server settings to only let sales and project managers access the files of the overseas division. The Proxy Server cache function allows other users can access the same files in the office with no need to download from the overseas division again.
For more information on VPN settings, please refer to:
1. Go to “Settings” > “Network & Internet”.
2. Choose “Proxy”, go to “Manual proxy setup” and enable “Use a proxy server”. Then enter the IP address and port number of Proxy Server.
3. If you enable the “Settings” > “Enable authentication” function in Proxy Server, then you must enter the NAS user’s account and password before using the Internet via Proxy Server.
1. Go to “System Preferences” > “Network”.
2. Choose the network interface you want to enable the Proxy function on and click “Advanced”.
3. In the “Proxies” tab, select a protocol (only HTTP and HTTPS are currently supported) and enter the IP address and port number of Proxy Server. If you enable the “Settings” > “Enable authentication” function in Proxy Server, then you must enter the NAS user’s account and password before using the Internet via Proxy Server.
Using Internet Explorer 11 as an example:
Click "Tools" and select "Internet options"
Go to "Connections" and click "LAN Settings".
Enter the proxy information of the Turbo NAS.
If you have enabled access controls on the proxy server, you must enter your user credentials.
iOS (iPhone, iPod Touch, and iPad)
Go to "Settings".
Go to "Wi-Fi", select a connection you want to use with the HTTP proxy, and connect. Press the right-arrow button to open the detailed settings.
In the HTTP Proxy settings, select "Manual" and enter the Internet address and proxy port of the Turbo NAS. You must also enter the username and password if access controls have been enabled.
Android (Using an HTC phone as an example)
Go to "Settings".
Go to "Wi-Fi".
Connect to your Wi-Fi network of choice. Then touch and hold the chosen Wi-Fi network for 3 seconds
Select "Modify network".
Select "Show advanced options".
Enter the proxy information and select "Save".