[K12OSN] Best solution for Internet access, control, and caching?

John Lucas mrjohnlucas at gmail.com
Fri Dec 12 03:45:44 UTC 2008

Huck wrote:
> IPCOP...
> with the following addons
> advanced proxy
> url filter
> update accelerator
> zerina
> deployed in many facilities...schools/churches/businesses...
> works lovely..and if you want truly draconian control...
> install BlockOutTraffic(BOT)...and nothing leave/enters without strict 
> ACLs...

We have almost the exact same setup (with BOT but without zerina) and then use 
our account at OpenDNS for additional content filtering to back up the local 
filtering. With URL Filter (based on Squid) performing transparent proxying and 
BOT blocking (or restricting) all ports that the proxy doesn't handle, all 
traffic is logged by the firewall, proxy and by URL filter. The Advanced Proxy 
plug-in can be used with LDAP so user's could be made to authenticate (we don't 
do that, yet) and have their IDs logged along with their access. Not a lot of 
wiggle room, biggest headache is closing down access to "proxy tunnels", but 
analyzing the Squid logs with Webalizer (logs shipped via ssh to management 
station daily for analysis) turns them up eventually. BOT takes a bit of time 
to set up rules, but it is very effective.

Update accelerator really saves bandwidth; first download seeds the cache, 
subsequent updates fed from the cache. The plugin on IPCop checks for updates 
to updates in it's cache independently. Handles Window$, Linux, Mac, Avast, and 
Symantec updates.

         "History doesn't repeat itself; at best it rhymes."
                         - Mark Twain

| John Lucas                MrJohnLucas at gmail.com               |
| St. Thomas, VI 00802      http://mrjohnlucas.googlepages.com/ |
| 18.3°N, 65°W              AST (UTC-4)                         |

More information about the K12OSN mailing list