[K12OSN] Censornet help

Wed Apr 26 12:22:57 UTC 2006

Dimitri,
I was playing with censornet yesterday and was having the same type of 
issues. This is what cured mine.
At the CCT after original setup;
I did a lan probe of workstations
I imported my users from active directory
I reset the admin area
and that took care of getting into the web interface, granting it is 
enabled in the initial setup along with the access passwords.
1 screwup I had was I had the NICs backwards. Even though I was in 
bridge mode the iptables still looks at which nic is which as far as 
internal and external. Something I'm going to check on and maybe some 
already has, is using iptables/ebtables to port forward 80 traffic to 
port 8080. I came across this web site that talks about it.
http://freshmeat.net/articles/view/1433/
Go to the section on transparent redirection. I replaced 3128 with 8080.
HTH
Mark

David Whitmer wrote:
>> Hi to all.
>>
>> I was wondering if anyone's using Censornet.  I've
>> installed the latest 
>> version on CentOS 3.6.  No matter what I try, I
>> can't get it to work.
>>
>> Some info.:  I'm using iptables to connect/protect
>> my LAN and DMZ.  The 
>> interfaces are eth0 (public), eth1 (private,
>> 192.168.100.1/22), and eth2 
>> (DMZ, 192.168.1.1/24).  I've given the Censornet box
>> the address 
>> 192.168.100.14/22.  It's in bridged mode.  I believe
>> I have everything 
>> configured correctly.  Censornet finds and
>> configures the 3COM nics.  I've 
>> tried different wiring combinations between the LAN,
>> router private 
>> interface, and the two Censornet interfaces. 
>> Depending on the wiring, I get 
>> a) connected to the internet without being
>> authenticated or, b) not connected 
>> or, c) (if I specify a proxy in the Web browser,
>> which I'd rather not do) 
>> prompted repeatedly for uname and pw without ever
>> connecting; if I cancel the 
>> prompt, I'm told I don't have authorization to use
>> the Web.  Grrrrrrr!
>>
>> Is anyone using the current version of Censornet in
>> a setting like mine who 
>> can show me the error of my IT ways?  The help
>> would, as always, be greatly 
>> appreciated.
>>
>> Dimitri
>>
>>     
>
> Dimitri,
>
> Along with checking the Censornet forums, have you
> also tried their FAQ? (http://www.censornet.com/faq/)
>
> Have you tried to access the Internet directly from
> the Censornet box itself, to make sure it can access
> the Internet okay?
>
> We're not yet using the latest version of Censornet,
> but at least with ours, you DO have to set the proxy
> address and port information in web browsers.  (Though
> with K12LTSP, I can just set that once in all.js
> rather than every individual PC.)
>
> By default, Censornet expects web browsers to connect
> to it on port 8080 (in your case,
> 192.168.100.14:8080).  When the browser first
> connects, you'll be prompted for a username &
> password.  Here you enter a username & password
> created through Censornet web-based admin interface. 
> If you just press cancel instead (your option (c) I
> think), then it will deny web access to that computer.
>  That's the way Censornet is designed to work... it's
> an authenticating proxy with filtering.  Much of its
> web-access restrictions and reporting are based on
> usernames.
>
> Brian mentioned the Censornet forums.  I believe that
> in the past, setting up transparent proxy-based
> filtering has been often discussed on their forums. 
> In short, Censornet isn't designed to do that, though
> it can be "hacked" to make it work that way.
>
> I hope this helps!
>
> David Whitmer
> Media and Technology Director
> Calvary Schools of Holland (Michigan)
>
> __________________________________________________
> Do You Yahoo!?
> Tired of spam?  Yahoo! Mail has the best spam
> protection around 
> http://mail.yahoo.com 
>
> __________________________________________________
> Do You Yahoo!?
> Tired of spam?  Yahoo! Mail has the best spam protection around 
> http://mail.yahoo.com 
>
> _______________________________________________
> K12OSN mailing list
> K12OSN at redhat.com
> https://www.redhat.com/mailman/listinfo/k12osn
> For more info see <http://www.k12os.org>
>
>   

-- 
?Mark Gumprecht
MSAD3
Unity, Maine 04988
gumprechtm at msad3.org

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/k12osn/attachments/20060426/8cf1251d/attachment.htm>