[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
Austin Gossmeyer wrote: > Rob and simon thank you for taking the time to reply. > No problem. > > Date: Wed, 10 Jun 2009 16:11:19 +0100 > > From: rob@xxxxxxxxxxxxx > > To: list@xxxxxxxxxxxxx > > Subject: Re: [LUG] Dansguardian > > > > Austin Gossmeyer wrote: > > > > Given user management is hard work, I'd go for IP based if you can > > > > distinguish staff from students that way. > > > > > > > As all pcs on site use dhcp except servers I don't think thaat > will work. > > > > > Is there anything to distinguish which machines are student machines > and > > which are staff machines? > > > No all pcs on site are all in the same range. I may look into > splitting them up in the future though. It seems that it would > simplify a few things. > It might make it easier. Your other option may be to assign the staff PCs static IP addresses via DHCP (so they still pick up their IP address via DHCP but rather than have a random IP address they get the same one every time). I can't off the top of my head remember exactly how to do it on Windows 2003 Server (I don't have one to hand, although a customer of mine does have one I can look at if need be). I would have thought you should be able to specify for these machines that they look at another gateway. But yes, maybe if you could put them on separate subnets or even different physical networks that might be a good idea for securities sake. > > For instance when I worked at Exeter College many moons ago the student > > network had a completely different range of IP addresses and was on a > > physically different network. > > > > Just thinking that if the machines are on a different range and can be > > separated somehow then you could have two gateways, one for the student > > machines and one for the staff machines. > > > > I've done things a little differently on my network (albeit it's a > > fairly small network), I have two broadband connections and two > > gateways, my Ubuntu server provides DHCP so I have entered my machine > > Mac addesses into the DHCP configuration so that I can specify which > > machines which use what connection, I presume your servers are running > > Windows Server to provide DHCP but even then if the machines can be > > separated on different scopes you should be able to specify which > router > > each scope goes through. > We do use windows server 2003 for dhcp and dns. > Okay, well there's probably no need to change that if it's working :-) > > > > Alternatively speak to management and see if there is anything > the staff > > > > should be allowed to do that the students shouldn't when using > college > > > > resources ;) > > > > > > > As for accessing our isp filters stuff thus we have two isp proxies > > > but management aren't happy with the level of blocking provided. Thus > > > the only tech interested in linux me got handed the job even > though my > > > knowledge is next to nothing. > > > > How do these two proxies currently work? > > > I am not sure what info you are looking for. We point staff to the > staff proxy at the isp through a gpo and students did go through a old > dansguardian box on site till it died. The students on site proxy then > passed it on to the isp students proxy. Unfortunately the guy who > built the last box will not answer any of my questions. > > Okay you say you assign the proxy by GPO, I presume this means that Internet Explorer is configured to look at a machine at the ISP on a specific port such as 8080 or 3128? Is the proxy by passable if you don't actually configure the browser to use the proxy specifically? > > Do you have two internet connections does everything run over one > > connection? > > > We only have one internet connection as far as I know. Okay no problem. I'm just installing Ubuntu in a virtual machine, I'll have a go at configuring Dansguardian (it has been a while since I did it on Ubuntu) and let you know what I did. Another possible option that might be of interest though is to look at something like IPCop [1] with AdvProxy [2], URL Filter [3] and Update Accelerator [4] which will provide Squid, SquidGuard (which does the same as DansGuardian) and Windows Update/Linux updates caching (saves bandwidth). It's all free software and doesn't require anything overly high spec, I have such a system running on a P3 1GHz with 20GB hard drive and 256MB Ram and even that is probably considered high spec, you do need at least two network cards in there though. [1] http://ipcop.org/ [2] http://www.advproxy.net/ [3] http://www.urlfilter.net/ [4] http://update-accelerator.advproxy.net/ Rob -- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html