[K12OSN] transparent proxying with LTSP

Brad Johnson bjohnson at independence.k12.ia.us
Thu Feb 23 14:42:19 UTC 2006


On Feb 23, 2006, at 8:24 AM, Mark Gumprecht wrote:

> I'm in the process of setting up IPCop as well. Anyone have  
> dhcrelay working for ipcop? I'm trying to put an in-line filter  
> with cop+ and still pass external dhcp requests. Or if some one has  
> a better idea of how to accomplish that, I'm open. I would NAT, but  
> it is a 1024 subnet and the middle of the school year... Also  
> looking to get dansguardian on K12ltspEL for the labs.
> Mark
>
> Luis Montes wrote:
>
>> Brad Johnson wrote:
>>
>>> Greetings everyone,
>>>
>>> I am in the final stages of completing our first large LTSP lab.   
>>> In the past, I have been setting the proxy settings inside  
>>> Firefox, but would prefer to do this transparently.  Does anyone  
>>> have any experience doing this with ipchains, or any GUI-based  
>>> firewalls?  What is your advice? I'd also prefer to redirect to  
>>> an existing squid/dansguardian proxy that I already have, but I  
>>> can live with setting up an additional proxy if I have to.
>>>
>>> Thanks,
>>>
>>> Brad
>>>
>>> _______________________________________________
>>> K12OSN mailing list
>>> K12OSN at redhat.com
>>> https://www.redhat.com/mailman/listinfo/k12osn
>>> For more info see <http://www.k12os.org>
>>>
>> What are you using for your existing proxy? I've used clarkconnect  
>> in the past on a seperate box, but now I'm using ipcop.
>> Both can be setup as transparent filters, but ipcop(with the cop  
>> plus addon) lets you schedule automatic blocklists for free.
>> I believe Eric has also done some dansgaurdian/squidgaurd work in  
>> k12 as well.
>>
>> Luis
>>

Ok guys, after a little googling, here is what I came up with.  Now,  
before I do this, please know that I am not currently running ANY  
type of firewall on this LTSP box.  If I create the following entry,  
do I need to then create additional entries to allow other types of  
traffic?  I don't want my LTSP box to stop working because of the  
following rules:

iptables -t nat -A PREROUTING -i $INTERFACE -p tcp --dport 80 -j DNAT  
--to dansguardian/squid box:8080

Someone please tell me it's this easy!

Brad
>




More information about the K12OSN mailing list