Re: [K12OSN] nat

[Mark Gumprecht <gumprechtm msln net>]

The Bess system is maintained by the Maine School and Library Network 
(MSLN), they also supply our ip ranges and DHCP. Teachers are assigned 
override passwords to bypass the filter for research purposes. If I nat 
all, when a teacher overides the filter for their personal reasons on 
one internal computer, it would override the filter for everyone because 
the gateway machine is the only seen ip to the externally kept filter. I 
can purchase my own filter, but money is not there. I could set up my 
own, time's a commodity. MSLN already manages the filter and offers it 
to us at no extra charge. Eventually I will go to my own setup, but that 
is not possibly at this point. I do transparent proxy by using my 
sonicwall to forward to my proxy. I watch the  SARG logs to see if there 
is anybody trying to proxy by the filter by bouncing off their own proxy 
machine at home. I hope this is not too wordy and that it is what you meant.
Mark

Terrell Prude', Jr. wrote:

> We do content filtering as well, in our case, with Symantec Web 
> Security (ugh--not my decision).  Tell us more about your Bess 
> filtering system, how it's set up, are you doing transparent proxy, 
> and how you believe someone could "override" the filter.
>
> --TP
>
> Mark Gumprecht wrote:
>
> > One hurdle to cross with the admin on LTSP is content filtering. I 
> > have the bess filtering system setup external to my network. If 
> > someone overrides the filter on a terminal does everyone get by?  Is 
> > one-to-one nat the answer?
> > Thanks in advance.
> > Mark
>
>
>
> _______________________________________________
> K12OSN mailing list
> K12OSN redhat com
> https://www.redhat.com/mailman/listinfo/k12osn
> For more info see <http://www.k12os.org>

--
Mark Gumprecht
Data Systems Specialist
MSAD#3
Unity, Maine 04988
Gumprechtm msln net