[K12OSN] Anyone setup their LTSP server web browser to redirect to a user acceptance page?

wilson at wilsonch.gotdns.com wilson at wilsonch.gotdns.com
Tue Jul 3 18:42:24 UTC 2007


> I have been trying to figure out how to incorporate Squid and Dan's
> Guardian with my LTSP server on a single box, and I am having problems.
> I am using K12LTSP 5.0.  I can not get the transparent proxy to work at
> all.  I have been trying manually to redirect web traffic and I have hit
> a wall.  If anyone out there could help, I would greatly appreciate it
> and will be willing to name my first born after them.
>
>
> Jeffrey M. Myers
> Technology Support Consultant II
> El Dorado Correctional Facility
> (316) 322-2077 FAX (316) 322-2019
> jeffmy at kdoc.dc.state.ks.us
>

Hey Jeff,

You are in luck. Here are my documented configurations for a fresh build of
CentOS v5. This should work for your LTSP setup (config setup below),
except the IPs will be different. This will route all port 80 traffic to
port 8080 (Dansguardian) and then it would be passed on to 3128 (Squid).
:) Let me know if you need help.


-Wilson


==CENTOS v5==
Load CENTOS v5 - Server
wget http://apt.sw.be/packages/rpmforge-release/rpmforge-release-0.3.6-1.el5.rf.i386.rpm
rpm -ivh rpmforge-release-0.3.6-1.el5.rf.i386.rpm

yum install squid dansguardian caching-nameserver

Eth0 = RR Modem
Eth1 = LAN (192.168.100.1)
-------------------------------------------------------------------------------------------------

/etc/squid/squid.conf
http_port 3128 transparent <----Add transparent

#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl wirelessNetwork src 192.168.100.0/255.255.255.0  <----


# And finally deny all other access to this proxy
## Allow Wireless
http_access allow wirelessNetwork  <----
http_access allow localhost
http_access deny all

## Transparent Proxying
httpd_accel_host virtual  <----
httpd_accel_port 80  <----
httpd_accel_with_proxy on  <----
httpd_accel_uses_host_header on  <----

-------------------------------------------------------------------------------------------------

/etc/dansguardian/dansguardian.conf
filterip = 192.168.100.1  <----

-------------------------------------------------------------------------------------------------

/etc/sysctl.conf
# Controls IP packet forwarding
net.ipv4.ip_forward = 1  <----

-------------------------------------------------------------------------------------------------

/etc/sysconfig/iptables
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-ports 8080
-A POSTROUTING -s 192.168.100.0/24 -o eth0 -j MASQUERADE
COMMIT

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT
# Some ICMP messages aren't particularly useful and can be particularly
# nasty, so drop them or rate limit them as appropriate.
#
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type 5 -j DROP
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type 9 -j DROP
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type 10 -j DROP
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type 15 -j DROP
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type 16 -j DROP
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type 17 -j DROP
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type 18 -j DROP
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type 8 -m limit --limit 1/sec -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type 8 -j DROP
-A RH-Firewall-1-INPUT -p icmp -m icmp ! --icmp-type 8 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT

-------------------------------------------------------------------------------------------------




> -----Original Message-----
> From: wilson at wilsonch.gotdns.com [mailto:wilson at wilsonch.gotdns.com]
> Sent: Monday, July 02, 2007 8:34 PM
> To: k12osn at redhat.com
> Subject: [K12OSN] Anyone setup their LTSP server web browser to redirect
> to a user acceptance page?
>
> Anyone know of a way to redirect web traffic to a user acceptance page
> first before allowing them to surf the web? I'm looking at NoCatSplash
> (http://nocat.net) for all my users LTSP & Wireless clients. Anyone get
> this working or know of a way to do this? Thanks!
>
> Setup is CentOS, LTSP, Dansguardian, and Squid.
>
>
> Wilson
>
> _______________________________________________
> K12OSN mailing list
> K12OSN at redhat.com
> https://www.redhat.com/mailman/listinfo/k12osn
> For more info see <http://www.k12os.org>
>
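
An added example, not part of the original message: a Python check that the three files in the reply agree on the port chain it describes (port 80 redirected to DansGuardian on 8080, then passed to Squid on 3128) and that the filter table does not accept Squid's port, since a client that can reach 3128 directly skips DansGuardian. The inputs are constructed from the message; the filterport and proxyport values are assumed DansGuardian defaults, and the function names are hypothetical.

```python
import re
# Constructed sample: the relevant lines of the files shown in the message.
IPTABLES = """\
*nat
-A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-ports 8080
COMMIT
*filter
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT
COMMIT
"""
SQUID = "http_port 3128 transparent\n"
# Assumption: filterport/proxyport hold DansGuardian's stock values.
DANSGUARDIAN = "filterip = 192.168.100.1\nfilterport = 8080\nproxyport = 3128\n"

def parse_rules(text):
    """Yield (table, {option: next token}) per -A line; single-argument options only."""
    table = None
    for line in text.splitlines():
        toks = line.split()
        if line.startswith("*"):
            table = line[1:].strip()
        elif toks[:1] == ["-A"]:
            yield table, {t: toks[i + 1] for i, t in enumerate(toks[:-1]) if t.startswith("-")}

def setting(text, key):
    """Port from an uncommented 'key = N' (DansGuardian) or 'key [ip:]N' (Squid) line."""
    m = re.search(rf"^[ \t]*{re.escape(key)}[ \t]*=?[ \t]*(?:[\d.]+:)?(\d+)", text, re.M)
    return m.group(1) if m else None

def audit(iptables, squid, dansguardian):
    """Return findings; an empty list means the three configs agree."""
    rules = list(parse_rules(iptables))
    redirect = next((o.get("--to-ports") for t, o in rules if t == "nat"
                     and o.get("--dport") == "80" and o.get("-j") == "REDIRECT"), None)
    accepted = {o["--dport"] for t, o in rules
                if t == "filter" and o.get("-j") == "ACCEPT" and "--dport" in o}
    fport, pport = setting(dansguardian, "filterport"), setting(dansguardian, "proxyport")
    sport = setting(squid, "http_port")
    findings = []
    if redirect != fport:
        findings.append(f"REDIRECT goes to {redirect}, DansGuardian listens on {fport}")
    if pport != sport:
        findings.append(f"DansGuardian forwards to {pport}, Squid listens on {sport}")
    if fport not in accepted:
        findings.append(f"filter table does not ACCEPT redirected traffic on port {fport}")
    if sport in accepted:
        findings.append(f"Squid port {sport} is open to clients, bypassing the filter")
    return findings
```

To check a live box, pass the contents of /etc/sysconfig/iptables, /etc/squid/squid.conf and /etc/dansguardian/dansguardian.conf to audit() in place of the samples.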



