[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [K12OSN] transparent proxying with LTSP--SOLVED



	
On Feb 23, 2006, at 11:18 AM, Mike Ely wrote:

Brad Johnson wrote:
On Feb 23, 2006, at 10:28 AM, Mike Ely wrote:
Ok guys, after a little googling, here is what I came up with. Now, before I do this, please know that I am not currently running ANY type of firewall on this LTSP box. If I create the following entry, do I need to then create additional entries to allow other types of traffic? I don't want my LTSP box to stop working because of the following rules: iptables -t nat -A PREROUTING -i $INTERFACE -p tcp --dport 80 - j DNAT --to dansguardian/squid box:8080
Someone please tell me it's this easy!

Actually, it's easier. I've been running ipcop for a while here, and really you can just let 'er rip - don't bother with that ruleset. Install the advproxy and urlfilter mods for ipcop ( http:// www.advproxy.net/ ), turn on "transparent mode" for the proxy, and you're golden. If you set the ports the way you have indicated, you will break pages that specifically run on port 8080...

Cheers,
Mike

Ok, so here's what I've got......
LTSP network connects to LSTP server--connects to remainder of LAN-- connects to Internet. Where do I put the IPCop Box....do I put it directly between LTSP and the remainder of the LAN?

Ours sits between our LAN and the internet. If the clients on your LAN are transparently proxied, then your LTSP clients will also. This applies to your current configuration as well.

Mike



Thanks for the help today guys. I must admit, I am iptables- challenged. Since I currently already had a squid/danguardian box on the network, my prefernce was to continue using it. I then found an old post on the list from 2003, courtesy of Eric Harrison, that led me directly to this wiki link:
http://k12ltsp.org/phpwiki/index.php/WebFiltering%3AIntegration

which provided me with the two following rules:

iptables -t nat -A OUTPUT -p tcp --dport 80 -j DNAT --to-destination 192.168.1.1:3128 iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to- destination 192.168.1.1:3128




magically, the tranparent proxying began working for my LTSP lab! Thanks to everyone!

Brad


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]