+ Post New Thread
Results 1 to 8 of 8
Internet Related/Filtering/Firewall Thread, Dansguardian in Technical; Hello, I'm still learning a lot about school networks so here goes I'm looking at putting in a proxy server ...
  1. #1

    Join Date
    Aug 2009
    Posts
    280
    Thank Post
    20
    Thanked 22 Times in 19 Posts
    Rep Power
    14

    Dansguardian

    Hello,

    I'm still learning a lot about school networks so here goes

    I'm looking at putting in a proxy server running Dansguardian on but where abouts in the network should it go? It's only a small school so we have ISA server running on the domain controller at the moment and it won't receive loads of traffic for hours on end.

    Should it just sit on the network somewhere with two connections or sit inbetween ISA and the local network or even something else?

    Thanks

  2. #2

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    16,252
    Thank Post
    898
    Thanked 1,785 Times in 1,537 Posts
    Blog Entries
    12
    Rep Power
    463
    You have it at the very top of the network.

    You will have an ethernet cable go into a switch some place. plug that into one nic of the server and plug another cable from the server into the network. This will force all traffic to go through.

    Also installing ISA on a DC is a big no no. it will probably block allot of traffic needed for a DC

  3. Thanks to FN-GM from:

    Blue_Cookeh (4th January 2010)

  4. #3

    Join Date
    Aug 2009
    Posts
    280
    Thank Post
    20
    Thanked 22 Times in 19 Posts
    Rep Power
    14
    Quote Originally Posted by FN-GM View Post
    You have it at the very top of the network.

    You will have an ethernet cable go into a switch some place. plug that into one nic of the server and plug another cable from the server into the network. This will force all traffic to go through.

    Also installing ISA on a DC is a big no no. it will probably block allot of traffic needed for a DC
    Unfortunatly this is how the county set it up before I was there and we have just stuck with it, they setup rules to allow all local traffic so I guess for now it should be ok.

    Thanks for that one

  5. #4


    tom_newton's Avatar
    Join Date
    Sep 2006
    Location
    Leeds
    Posts
    4,485
    Thank Post
    867
    Thanked 855 Times in 675 Posts
    Rep Power
    197
    With the right firewall rules, you can put DG anywhere on the network, with 1 NIC, so long as all the clients can see dg, and dg can get at the web.

  6. Thanks to tom_newton from:

    Blue_Cookeh (4th January 2010)

  7. #5
    ricki's Avatar
    Join Date
    Jul 2005
    Location
    uk
    Posts
    1,475
    Thank Post
    20
    Thanked 164 Times in 157 Posts
    Rep Power
    52
    Quote Originally Posted by tom_newton View Post
    With the right firewall rules, you can put DG anywhere on the network, with 1 NIC, so long as all the clients can see dg, and dg can get at the web.
    I agree and it works a treat. The only problem is if you are in a huge establishment and you need 2 nic cards one to handle internal and one to handle external traffic for bandwidth or you are putting a firewall on the server.

    Richard

  8. Thanks to ricki from:

    Blue_Cookeh (4th January 2010)

  9. #6

    Join Date
    Aug 2009
    Posts
    280
    Thank Post
    20
    Thanked 22 Times in 19 Posts
    Rep Power
    14
    Ok, thanks guys, I have it all setup so Ill see how it goes tomorrow when the kids are back, Dansguardian is a lot more powerful than I first thought actually..

  10. #7


    tom_newton's Avatar
    Join Date
    Sep 2006
    Location
    Leeds
    Posts
    4,485
    Thank Post
    867
    Thanked 855 Times in 675 Posts
    Rep Power
    197
    Quote Originally Posted by ricki View Post
    I agree and it works a treat. The only problem is if you are in a huge establishment and you need 2 nic cards one to handle internal and one to handle external traffic for bandwidth or you are putting a firewall on the server.

    Richard
    You'll only need 2 Nics if you have ~60Mbits/sec of web traffic. At that point, a gigabit Nic or - much more sensibly - a load balanced nest of DGs would be a better idea.

    We do the "commercial version" of DG - Network Guardian - as many of you know, this is DG "preinstalled" with reporting and much better lists. In nearly 7 years at SmoothWall I have never needed to use >1 NIC.

  11. #8

    Join Date
    Oct 2008
    Posts
    223
    Thank Post
    2
    Thanked 11 Times in 11 Posts
    Rep Power
    22
    It all depends on how you do things. I would (personally for my situation) say that for flexibility I would go the 2 NIC route initially. I would put the DG box as follows:

    external router -> DG -> (ISA WAN connection)

    This will give you the advantage of having a filtered bridge forcing all traffic through your DG box. I assume that at the moment there is no filtering hence the clients can pass happily through your ISA server?

    That way you need to configure the DG box only and leave the ISA box alone. It also means that you dont need to change gateways - only add proxy rules (GPO, WPAD, proxy.PAC etc etc) and any clients that are simply added to the network will still need to go through the DG box. If you dont care about giving different levels of access then you could transparent proxy the box needing nothing configuring on the clients!

    Horses for courses though. I would say it is no harder to set up a 2NIC than a 1NIC box. My first 1NIC was soon ditched as it was too easy to bypass the DG box with pocket opera etc.

    Dont forget to get an extra CAL for your linux box
    Last edited by KK20; 7th January 2010 at 10:20 AM.



SHARE:
+ Post New Thread

Similar Threads

  1. Dansguardian
    By itgeek in forum Internet Related/Filtering/Firewall
    Replies: 0
    Last Post: 9th December 2009, 11:05 AM
  2. [Ubuntu] Dansguardian 2.10.0.3 and Ubuntu 9.04
    By voodoochile in forum *nix
    Replies: 11
    Last Post: 5th June 2009, 02:51 PM
  3. Dansguardian 2.10 on Ubuntu 8.04
    By ianniow in forum *nix
    Replies: 3
    Last Post: 3rd June 2009, 12:46 PM
  4. Dansguardian
    By DMcCoy in forum *nix
    Replies: 10
    Last Post: 25th January 2008, 02:17 PM
  5. dansguardian
    By callumtuckey in forum How do you do....it?
    Replies: 3
    Last Post: 21st May 2007, 09:43 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •