[K12OSN] Talking to school about K12LTSP

[Henry Hartley]

Rob Owens wrote:
>> 
>> The problem with shutting down eth1 on the server, as
>> some have suggested, is that it will cut off internet
>> access *and* all other network connectivity such as
>> file shares, etc.  This may not be a problem for you
>> if your /home folders are not on a central server. 

It's more of a problem that that.  We don't want to turn off network
activity for ALL machines.  We want to say, this group gets internet
access, this other group does not.  So, no, turning off eth1 on the
server is not really much help.

>> You could set up some rules on a school-wide firewall
>> that would allow/disallow internet access to certain
>> servers, without disrupting network share connections.
>> CensorNet or IPCop have this feature built in (I
>> can't remember which, but I tested both and one of
>> them had that feature).  

I have had a Smoothwall firewall with DansGuardian on my home network in
the past.  We just moved and I was going to rebuild the firewall.  I had
heard about IPCop and what I read made it sound attractive so I thought
I'd give it a try.  Over the weekend, I installed IPCop on my home
firewall box and it was so easy.  We also installed it on a machine at
the school and added three add-on packages - DansGuardian (CopPlus),
LogSend, and BlockOutTraffic.  The last of those seems to do exactly
what we want, by IP address, which should be good enough.  I was very
impressed with how much easier these add-on packages are to install in
IPCop.

-- 
Henry