[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
|
> Date: Thu, 11 Jun 2009 10:10:09 +0100 > From: rob@xxxxxxxxxxxxx > To: list@xxxxxxxxxxxxx > Subject: Re: [LUG] Dansguardian > > Austin Gossmeyer wrote: > > Rob and simon thank you for taking the time to reply. > > > No problem. > > > Date: Wed, 10 Jun 2009 16:11:19 +0100 > > > From: rob@xxxxxxxxxxxxx > > > To: list@xxxxxxxxxxxxx > > > Subject: Re: [LUG] Dansguardian > > > > > > Austin Gossmeyer wrote: > > > > > Given user management is hard work, I'd go for IP based if you can > > > > > distinguish staff from students that way. > > > > > > > > > As all pcs on site use dhcp except servers I don't think thaat > > will work. > > > > > > > Is there anything to distinguish which machines are student machines > > and > > > which are staff machines? > > > > > No all pcs on site are all in the same range. I may look into > > splitting them up in the future though. It seems that it would > > simplify a few things. > > > It might make it easier. Your other option may be to assign the staff > PCs static IP addresses via DHCP (so they still pick up their IP address > via DHCP but rather than have a random IP address they get the same one > every time). I can't off the top of my head remember exactly how to do > it on Windows 2003 Server (I don't have one to hand, although a customer > of mine does have one I can look at if need be). I would have thought > you should be able to specify for these machines that they look at > another gateway. > > But yes, maybe if you could put them on separate subnets or even > different physical networks that might be a good idea for securities sake. > > > > For instance when I worked at Exeter College many moons ago the student > > > network had a completely different range of IP addresses and was on a > > > physically different network. > > > > > > Just thinking that if the machines are on a different range and can be > > > separated somehow then you could have two gateways, one for the student > > > machines and one for the staff machines. > > > > > > I've done things a little differently on my network (albeit it's a > > > fairly small network), I have two broadband connections and two > > > gateways, my Ubuntu server provides DHCP so I have entered my machine > > > Mac addesses into the DHCP configuration so that I can specify which > > > machines which use what connection, I presume your servers are running > > > Windows Server to provide DHCP but even then if the machines can be > > > separated on different scopes you should be able to specify which > > router > > > each scope goes through. > > We do use windows server 2003 for dhcp and dns. > > > Okay, well there's probably no need to change that if it's working :-) > > > > > Alternatively speak to management and see if there is anything > > the staff > > > > > should be allowed to do that the students shouldn't when using > > college > > > > > resources ;) > > > > > > > > > As for accessing our isp filters stuff thus we have two isp proxies > > > > but management aren't happy with the level of blocking provided. Thus > > > > the only tech interested in linux me got handed the job even > > though my > > > > knowledge is next to nothing. > > > > > > How do these two proxies currently work? > > > > > I am not sure what info you are looking for. We point staff to the > > staff proxy at the isp through a gpo and students did go through a old > > dansguardian box on site till it died. The students on site proxy then > > passed it on to the isp students proxy. Unfortunately the guy who > > built the last box will not answer any of my questions. > > > > > Okay you say you assign the proxy by GPO, I presume this means that > Internet Explorer is configured to look at a machine at the ISP on a > specific port such as 8080 or 3128? The machines point to the dansguardian server on our end which then passes the traffic to the isp proxy. > > Is the proxy by passable if you don't actually configure the browser to > use the proxy specifically? No the proxy must be configured. > > > Do you have two internet connections does everything run over one > > > connection? > > > > > We only have one internet connection as far as I know. > Okay no problem. > > I'm just installing Ubuntu in a virtual machine, I'll have a go at > configuring Dansguardian (it has been a while since I did it on Ubuntu) > and let you know what I did. > > Another possible option that might be of interest though is to look at > something like IPCop [1] with AdvProxy [2], URL Filter [3] and Update > Accelerator [4] which will provide Squid, SquidGuard (which does the > same as DansGuardian) and Windows Update/Linux updates caching (saves > bandwidth). It's all free software and doesn't require anything overly > high spec, I have such a system running on a P3 1GHz with 20GB hard > drive and 256MB Ram and even that is probably considered high spec, you > do need at least two network cards in there though. > > [1] http://ipcop.org/ > [2] http://www.advproxy.net/ > [3] http://www.urlfilter.net/ > [4] http://update-accelerator.advproxy.net/ Are those all alternatives or do all of them need to be installed? The only reason I am using dansguardian is that was what was installed on the old box. > > Rob > > > -- > The Mailing List for the Devon & Cornwall LUG > http://mailman.dclug.org.uk/listinfo/list > FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html Insert movie times and more without leaving Hotmail®. See how. |
-- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html