  1. #1
    BatchFile's Avatar

    Smoothwall Express - Have I got this right?

    Arising from this thread: Amazon Kindle , in which I've been working on a way of getting devices that can't accept a proxy server setting (and that will only accept wireless connections with DHCP (Android 2.1 on an E-Pad)) working in school, I've set up a Smoothwall Express box as a transparent proxy. This is in a feasibility study / proof of concept / evaluating devices type of scenario rather than wanting anything large scale for now.

    It seems to work OK, but as I've never used SW before, I'd be grateful for confirmation from those that have that I'm not doing anything silly. It's configured as follows:

    Red - given a static IP in our normal school range as assigned by our RBC (10.105.xxx.xxx)

    Green - assigned 192.168.0.1 and (physically) connected straight to an unmanaged wireless access point I had lying around, 192.168.0.2 (independent of the main Ruckus wireless in school, on channel 2, different SSID, and set up to only allow MAC addresses I specify).

    DHCP is ON, giving out 192.168.0.3 to 192.168.0.254

    Web Proxy is ON, in transparent mode, upstreaming to the RBC proxy.

    I'm nervous about the DHCP bit - can someone reassure me that it's not going to start sending out duff addresses to the school network?

  2. Thanks to BatchFile from:

    camel (29th March 2011)

  3. #2

    bladedanny's Avatar
    I've never used DHCP on SW before so I can only offer my best guess (which comes with no warranty). I believe it only dishes DHCP out of the green interface so in theory you should be ok.

    Maybe one of the smoothwall guys could shed a bit more light.

  4. Thanks to bladedanny from:

    tom_newton (17th January 2011)

  5. #3

    plexer's Avatar
    How you've done it, it will only give out an IP via DHCP to a device connecting via that wireless access point, so you are fine.

    Ben

  6. 2 Thanks to plexer:

    BatchFile (17th January 2011), tom_newton (17th January 2011)

  7. #4


    tom_newton's Avatar
    Sounds to me like you have it right already.

  8. Thanks to tom_newton from:

    BatchFile (17th January 2011)

  9. #5


    Could I set transparent proxying on a schoolguardian on just one network card and have proxy auth on the others?

  10. #6


    tom_newton's Avatar
    Quote Originally Posted by CyberNerd View Post
    Could I set transparent proxying on a schoolguardian on just one network card and have proxy auth on the others?
    Probably.... with the g3 update coming RSN, definitely.

  11. #7
    camel's Avatar
    Just got Smoothwall Express 3.0 configured in-house for a set of Kindles that the English dept bought for improving boys' reading. Smoothwall is on an iron box, not virtualised and connected directly to a spare wireless access point, private IP range for Kindles going to RBC IP range and default gateway. Works great. Also works with my Android as it doesn't have proxy settings by default. Thanks BatchFile.

  12. Thanks to camel from:

    plexer (29th March 2011)

  13. #8
    camel's Avatar
    My initial delight was quickly scuppered by no transparent proxy for https!

    What would anyone suggest as an alternative to taking home the kindles and using the home wifi to download books? Yes, I know they should have got 3g ones...

  14. #9


    Quote Originally Posted by camel View Post
    My initial delight was quickly scuppered by no transparent proxy for https!
    Apache can be configured as a transparent proxy and should support SSL too.

  15. 2 Thanks to Arthur:

    BatchFile (30th March 2011), camel (30th March 2011)

  16. #10
    camel's Avatar
    Thanks for the pointer, just working on it now. Loaded modules mod_proxy and mod_proxy_http as the first is required and the second is for handling the http, https and ftp requests, wrapping them up in a http connect method.

    I've set up a new virtualhost with an IP in the RBC assigned range, connected my wireless access point to use that host as a gateway and set the upstreaming proxy to that of our RBC proxy. Am I right in thinking that the new virtualhost is a gateway for the Kindle clients? I've set up each Kindle with a static IP, which is fine, but there isn't a route out as such. Am I missing some routing or something?

  17. #11
    BatchFile's Avatar
    I'm not at all convinced that it's possible to put SSL through a transparent proxy at all simply due to the fact that the packets don't have enough information about their destination visible...
    System administrators are often asked to also transparently proxy FTP and SSL, but these can't be transparently proxied. FTP is a more complex protocol than HTTP, and provides fewer hints as to the original destination of the request. SSL is encrypted and contains no useful data about destinations. Attempts to decode SSL are precisely what it's designed to prevent: decoding SSL to transparent proxy -- it would be indistinguishable from a "true" man-in-the-middle attack.
    Source: Transparent Proxying with Squid - O'Reilly Media

    ...is it worth setting up apache or is the above correct?

  18. #12


    tom_newton's Avatar
    The above is (largely) correct. It is possible to transparently proxy SSL without MITM, but I only know of one product that supports it, and it's not released yet. Squid3 will MITM, but I doubt it would work in transparent or for Kindles.

  19. Thanks to tom_newton from:

    BatchFile (31st March 2011)

  20. #13
    Ben_Alton's Avatar
    I've set up a new virtualhost with an IP in the RBC assigned range, connected my wireless access point to use that host as a gateway and set the upstreaming proxy to that of our RBC proxy. Am I right in thinking that the new virtualhost is a gateway for the Kindle clients? I've set up each Kindle with a static IP, which is fine, but there isn't a route out as such. Am I missing some routing or something?
    Did you have any success with this? I'm trying exactly the same thing for my Kindles at my school ...

  21. #14
    camel's Avatar
    Quote Originally Posted by Ben_Alton View Post
    Did you have any success with this? I'm trying exactly the same thing for my Kindles at my school ...
    Yes and no. Got the browsing working, i.e. I could get a wifi connection, browse the web in experimental, but no access to Kindle store or retrieve archived items as it's https!

    Going to use Amazon account in school and take the few Kindles home and archive. Should have got 3G ones!

  22. Thanks to camel from:

    Arthur (7th April 2011)

  23. #15
    BatchFile's Avatar
    Quote Originally Posted by camel View Post
    Yes and no. Got the browsing working, i.e. I could get a wifi connection, browse the web in experimental, but no access to Kindle store or retrieve archived items as it's https!

    Going to use Amazon account in school and take the few Kindles home and archive. Should have got 3G ones!
    That's what our librarian ended up doing - no 3G signal here
