
Re: [arturo@mezcal.dyndns.org: Re: [seul-edu] Filters for SQUID]



Don't have a default gateway on the local systems.  In that way, you can 
ONLY get out of your network through the proxy server.

You can also do this with IP Chains on the router (if you are using a
linux router), and have it redirect 0.0.0.0/0 port 80 to squid.server
port 8080.

At the charter school that I am currently typing this from, we are using
10.x.x.x addresses, using NAT on a Cisco 675 DSL router (we were
previously running a Linux Router Project, Materhorn system (2.2.x kernel
based), but have switched to PPP based RADSL from ethernet bridging DSL,
and can now have the Cisco router do the task).  Its address (internal)
is 10.1.1.1, our server is on 10.1.1.2, and the workstations (diskless)
get addresses via BOOTP from the server (as well as FS over Root Over
NFS).  The workstations are configured to have a route to 10.1.1.0/24 on
eth0, but that is it.  They can talk to our DNS server (10.1.1.2) and to
our proxy (10.1.1.2) over the localnet, but they don't know what to do
with packets that are intended for anything other than 10.1.1.x/24, and
thus they complain "no route to host", if you disable the proxy server
settings.

I am running a similar setup with an LRP firewall at Corbett Elementary
School, which just blocks port 80 requests.

			Harry

On Thu, 25 May 2000, Daniel P. Kionka wrote:

> I am trying to set up the same thing.  squidGuard looks good, but it
> looks like it is easy to defeat.  You just change your preferences to
> not use a proxy, and then set it back when you are done surfing.  Is
> there some way to use ipchains to force the web traffic through squid?
> 
> Dan
> 
> Jim Wildman wrote:
> > 
> > Before reinventing the wheel, check out
> > www.squidguard.com
> > It is very fast, flexible and powerful
> > 
> > --------------------------------------------------------------------------
> > Jim Wildman                         Senior Consultant, 3X Corporation
> > jawildman@cfanet.com                jim.wildman@3x.com  www.3x.com
> > http://www.cfanet.com/jawildman     (513)587-3647
> > 
> > On Sun, 21 May 2000, Roger Dingledine wrote:
> > 
> > > We at Red Escolar would like to write an ip-chains (or whatever comes
> > > next) setup applet for GNOME, so that the teachers can block the sites
> > > they don't want their students to use. Maybe add a profile manager and
> > > support multiple configurations.
> 

--
Harry McGregor, CEO, Co-Founder
hmcgregor@osef.org, (520) 202-OSEF (6733)
Open Source Education Foundation, http://www.osef.org
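
The no-default-gateway setup described in this message can be checked from a workstation. The script below is an added example, not part of the original post: it reads `route -n` style output and flags any route that leads off the local net. The 10.1.1.0/24 network comes from the message; the function name `audit_routes` and both sample routing tables are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm a workstation can only reach the local net,
# so that a browser with the proxy setting removed gets "no route to host".

# audit_routes NET MASK  -- reads `route -n` output on stdin.
# Prints every route that leads off NET/MASK and returns 1 if any exists;
# returns 0 when only NET/MASK (and loopback) are routed.
audit_routes() {
    awk -v net="$1" -v mask="$2" '
        # Skip header lines and anything that is not a route entry.
        $1 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { next }
        # Loopback never leaves the machine.
        $NF == "lo" { next }
        # The single directly connected route the workstation should have.
        $1 == net && $3 == mask && $2 == "0.0.0.0" { next }
        # A default route is exactly what lets a client bypass the proxy.
        $1 == "0.0.0.0" && $3 == "0.0.0.0" {
            printf "default gateway via %s on %s\n", $2, $NF; bad = 1; next
        }
        # Any other entry is an unexpected path off the local net.
        { printf "extra route %s/%s via %s on %s\n", $1, $3, $2, $NF; bad = 1 }
        END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample: workstation set up as described (local net only).
GOOD_TABLE='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.1.1.0        0.0.0.0         255.255.255.0   U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo'

# Constructed sample: same workstation with a default gateway added.
BAD_TABLE="$GOOD_TABLE
0.0.0.0         10.1.1.1        0.0.0.0         UG    0      0        0 eth0"

# On a live workstation: route -n | audit_routes 10.1.1.0 255.255.255.0
for table in "$GOOD_TABLE" "$BAD_TABLE"; do
    if printf '%s\n' "$table" | audit_routes 10.1.1.0 255.255.255.0; then
        echo "OK: only the local net is routed"
    else
        echo "FAIL: workstation can reach hosts without the proxy"
    fi
done
```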