[K12OSN] transparent proxying workstations from eth0 to eth1

Almquist Burke balmquist at mindfirestudios.com
Sun Aug 19 16:35:46 UTC 2007


What kind of content filter/proxy do you have on the gateway??
The only thing you should have to turn on is forwarding for  
workstations which have the LTSP server between them and the gateway.  
The gateway should take care of the rest. It's very difficult to do  
the proxy/filter on the LTSP server. It's really meant to be run on  
the gateway.
Trust me, I've tried this in a one server school. You basically end  
up filtering non-root outgoing and all forwarding traffic through a  
complicated iptables mess.

On Aug 16, 2007, at 12:27 PM, Huck wrote:

> Yay...a breakthrough this morning...
>
> just turning on those services 'transparent-proxying' etc.etc.etc..
> doesn't do much ;)
>
> one must actually edit the /etc/squid.conf file  (and  
> squidGuard.conf if they plan on filtering anything)
>
> and there these are the items I edit'd:
>
> http_port  192.168.0.254:3128 transparent   (to allow transparent  
> proxying)
>
> THEN-----in the ACL section...
>
> acl ltsp src 192.168.0.0/255.255.255.0
>
>
> THEN-----in the http_access section
>
> http_access allow ltsp
>
>
> and finally...the line to redirect stuff through SquidGuard..I put  
> as the last line of the file
>
> redirect_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf
>
>
>
> now...this oddly still bypasses my content filter set up at my  
> gateway..and I'm not sure why...(thus I had to put squidGuard on  
> the local LTSP box as well)...but now my windows users behind my  
> LTSP server can transparent proxy in joy.
>
> --Huck
>
> _______________________________________________
> K12OSN mailing list
> K12OSN at redhat.com
> https://www.redhat.com/mailman/listinfo/k12osn
> For more info see <http://www.k12os.org>




More information about the K12OSN mailing list