[K12OSN] K12LTSP, Squid & SquidGuard
Terrell Prude', Jr.
microman at cmosnetworks.com
Sun Mar 7 19:02:02 UTC 2004
We do transparent proxy at our schools, too. We use a separate physical
proxy server for this purpose, though. I've heard that it's quite
difficult to get a K12LTSP server to transparently proxy to itself.
Theoretically, I imagine that it could be done, but you'd have to be an
iptables guru in order to do it.
Here's how I do transparent proxying.
WAN
|
|
Router
|
|
---------S-W-I-T-C-H------------------------------ MAIN LAN
| | | | (10.40.32.0/20)
| | | |
K12LTSP Web Proxy K12LTSP K12LTSP
Server Server Client Client
The switch is a Catalyst 3548. I have the router redirecting all
traffic, via a little policy routing, to the Web proxy server. This
way, it's a lot easier to rebuild your K12LTSP box if you need to, with
a stock install. Also, it offloads your K12LTSP server for running
apps. The Web proxy server doesn't need to be that big; I've found that
a Pentium III-733 with 256MB DRAM will nicely service a large high school.
--TP
Michael Elliott wrote:
> Hi Richard,
>
> Thanks for the reply. You are correct I was trying to use the server
> to connect to the internet. When I logged in to a client machine, I
> then launched Mozilla and entered in one of the sample URLs that are
> supposed to be blocked. As expected, it was open. So I entered the
> preferences of Mozilla. I changed the Direct connection to the
> internet to a Manual proxy configuration, I entered in the address of
> my K12LTSP (192.168.0.208) & Port 80. To be safe I restarted the
> browser, but I received an alert - The connection was refused when
> attempting to contact the proxy server. This was just going to
> google.com. I then for the heck of it changed the proxy address to
> the LAN side IP address that is see by our main LAN (192.168.1.208).
> Same alert. So finally I attempted to change the proxy setting to
> "Automatic proxy configuration" setting to my K12LTSP address.
> Unfortunately, I could get internet access to everthing once again.
>
> Any advice grealty appreciated!
> Michael
>
> Richard K. Ingalls wrote:
>
>> Michael Elliott wrote:
>>
>>> Hello and thank you for taking the time to read my message.
>>>
>>> I have started working with the K12LTSP 4.0 on a new system and I
>>> have a quick question or two. The LTSP will pretty much be used
>>> only for Word Processing, Spreadsheets & Internet access. I would
>>> like to monitor internet access specifically. I am assuming that
>>> Squid and SquidGuard are installed with the complete LTSP install.
>>> I was able to install Webmin which told me that Squid was running.
>>> In addition when I checked the system log I can see where SquidGuard
>>> was started. I was able to locate the blacklist folder and checkout
>>> some of the addresses and urls of sites that are supposed to be
>>> blocked. However, when I type in the url via lynx and mozilla I am
>>> able to get to the sites. I am not familiar enough to know where to
>>> go from here. I have attempted to find HowTo's but the links are
>>> either dead links or the files that are referenced in the Howto are
>>> in different locations, so I figured it would be best for me to post
>>> here and ask for advice.
>>
>>
>>
>> Are you attempting to access the internet to test your proxy filter
>> FROM the server? This will cause it to not work since the server
>> cannot be filtered. You have to test from a client in the network.
>> AND, you have to tell the web browser to use the proxy server!
>>
>>>
>>> Concerning the monitoring, I read that Sarg would be best for
>>> monitoring internet usage. Naturally, if my squid/squidguard do not
>>> appear to be fully working I figured I had better not get too far
>>> gone. Does anyone know of a HowTo that would assist with Sarg?
>>>
>>> Any help would be greatly appreciated, as would links to good sites
>>> for reference.
>>>
>>> Thanks,
>>> Michael
>>>
More information about the K12OSN
mailing list