Re: [K12OSN] CIPA and Squidguard

["Ryan 'Gozar' Collins" <me ryancollins org>]

on 4/1/03 12:18 AM, Eric Harrison at eharrison mail mesd k12 or us said:
> On Mon, 31 Mar 2003, Ryan Collins wrote:
>> Mike Rambo said:
>>> All this to say that an explicit warning against using ipchains may help
>>> out someone else who is tempted to do what we did out of convenience.
>> Can I ask what issues you were having? We've been using ipchains to
>> transparently proxy our network for 2 1/2 years now and haven't had a
>> problem (~600 machines, around half active on the net at a time).
>> 
> Are you using a 2.2.x kernel?
> 
> ipchains is the native firewall in the 2.2.x kernels.
> 
> iptables is the native firewall in the 2.4.x kernels.
> 
> The 2.4.x kernels also have an ipchains emulation mode that more-or-less
> maps the ipchains behavoir ontop of iptables. This emulation mode is
> less efficient than ipchains in the 2.2.x kernels. Depending on what
> you are doing, this can really kill performance.

Ok, that's why its working for me. My squid box is a RH7.0 box with a 2.2.x
kernel.

-- 
Ryan Collins             Kenton City Schools Technology Coordinator
collinsr kenton k12 oh us              http://www.kenton.k12.oh.us/
Help Desk- http://www.kenton.k12.oh.us/helpdesk/

"When will the public cease to insult the teacher's calling with empty
flattery? When will men who would never for a moment encourage their own
sons to enter the work of the public schools cease to tell us that education
is the greatest and noblest of all human callings?"
-William C. Bagley