Terrell Prude', Jr.
microman at cmosnetworks.com
Tue Apr 27 23:29:59 UTC 2004

Then your NAT/PAT setup will get ugly, and I wouldn't recommend doing it
on the K12LTSP server itself, unless you're already pretty darned good
with iptables. However, I can think of two much easier solutions to this.

1.) Have the teachers on standalone GNU/Linux workstations, and then
they won't be sitting behind a PAT'ing box (the K12LTSP server). Have
the kids on K12LTSP servers, though.

2.) Put all of the teachers on one K12LTSP server, where the "teacher"
thin clients are on a separate VLAN, and just permanently bypass the
filter for that specific "teachers-only" K12LTSP server. Since they can
bypass the filter anyway at will, you're not losing anything here.

Mark Gumprecht wrote:
> The Bess system is maintained by the Maine School and Library Network
> (MSLN), they also supply our IP ranges and DHCP. Teachers are assigned
> override passwords to bypass the filter for research purposes. If I
> NAT all, when a teacher overrides the filter for their personal reasons
> on one internal computer, it would override the filter for everyone
> because the gateway machine is the only seen IP to the externally kept
> filter. I can purchase my own filter, but money is not there. I could
> set up my own, time's a commodity. MSLN already manages the filter and
> offers it to us at no extra charge. Eventually I will go to my own
> setup, but that is not possible at this point. I do transparent proxy
> by using my sonicwall to forward to my proxy. I watch the SARG logs
> to see if there is anybody trying to proxy by the filter by bouncing
> off their own proxy machine at home. I hope this is not too wordy and
> that it is what you meant.
> Terrell Prude', Jr. wrote:
>> We do content filtering as well, in our case, with Symantec Web
>> Security (ugh--not my decision). Tell us more about your Bess
>> filtering system, how it's set up, are you doing transparent proxy,
>> and how you believe someone could "override" the filter.
>> Mark Gumprecht wrote:
>>> One hurdle to cross with the admin on LTSP is content filtering. I
>>> have the Bess filtering system set up external to my network. If
>>> someone overrides the filter on a terminal does everyone get by? Is
>>> one-to-one NAT the answer?
>>> Thanks in advance.