+ Post New Thread
Results 1 to 13 of 13
*nix Thread, IP Cop/Smoothwall and Cre in Technical; Originally Posted by ChrisH This is far too much faffing around just to stop them getting on the internet. You ...
  1. #1

    webman's Avatar
    Join Date
    Nov 2005
    Location
    North East England
    Posts
    8,422
    Thank Post
    645
    Thanked 967 Times in 667 Posts
    Blog Entries
    2
    Rep Power
    328

    Re: Stop internet access from address bar

    Quote Originally Posted by ChrisH
    This is far too much faffing around just to stop them getting on the internet. You need a proxy that will let you define rooms and computers so you can deny them access that way. It's a lot easier in the long run.
    IPCop linux with the Advanced Proxy Addon (www.advproxy.net) + Classroom Extensions (CRE, group filtering by IP/subnet/range) + URL Filter Addon (same site) make for a very reliable web proxy

  2. #2
    ChrisH's Avatar
    Join Date
    Jun 2005
    Location
    East Lancs
    Posts
    5,007
    Thank Post
    124
    Thanked 286 Times in 263 Posts
    Rep Power
    109

    Re: Stop internet access from address bar

    Im currently setting up that very same system webman. I have previously used Censornet and then for a while used my own sytem that I put together using squid, DG and a few other bits and pieces. I started reading the forums again at smoothwall.org after ICT NUT mentioned it again as I havent tried out smoothwall for many years. The reason I have moved over is that its a great product and there is a phenomenal amount of help and customisation information on the forums .
    The only pain is controlling rooms through their IP which isnt going to be such a problem as Im about to prestage most of the computers for RIS so I will be able to use this info to configure DHCP with a script.

  3. #3

    webman's Avatar
    Join Date
    Nov 2005
    Location
    North East England
    Posts
    8,422
    Thank Post
    645
    Thanked 967 Times in 667 Posts
    Blog Entries
    2
    Rep Power
    328

    Re: Stop internet access from address bar

    Quote Originally Posted by ChrisH
    Im currently setting up that very same system webman. I have previously used Censornet and then for a while used my own sytem that I put together using squid, DG and a few other bits and pieces. I started reading the forums again at smoothwall.org after ICT NUT mentioned it again as I havent tried out smoothwall for many years. The reason I have moved over is that its a great product and there is a phenomenal amount of help and customisation information on the forums .
    The only pain is controlling rooms through their IP which isnt going to be such a problem as Im about to prestage most of the computers for RIS so I will be able to use this info to configure DHCP with a script.
    Good idea. It would probably also be possible to schedule a script either on the windows side and/or IPCop/Smoothwall side to convert the dhcp hosts to IPs to keep the list updated (like I did with my ASP WOL script - every night the DC server exports dhcp clients IPs+MACs and dns hostnames+IPs to a textfile - the ASP script then marries them ;D)

    We are still testing/using my HTA at our place which is seeming to be a success. The NM would like to be able to schedule them, but RM doesn't allow scheduled tasks on workstations for some reason. We're still holding back on the IPCop route due to our webmail access being an internal server, therefore not going through the proxy server; which means pupils could still get onto email, but not the Internet.

  4. #4
    ChrisH's Avatar
    Join Date
    Jun 2005
    Location
    East Lancs
    Posts
    5,007
    Thank Post
    124
    Thanked 286 Times in 263 Posts
    Rep Power
    109

    Re: Stop internet access from address bar

    Im going to give all the workstations their own IP with a reservation or whatever the term is (cant remember at the mo :P ). I will script this with netsh or whatever wmi or somthing has to offer. I plan to have a harvest script setup to collect hostnames and MAC addresses (Ive seen one on here somewhere ) then im going to feed my final script a csv of hostnames, MAC address and IPs to do the prestage accounts and sort the IP info hopefully.

  5. #5
    ChrisH's Avatar
    Join Date
    Jun 2005
    Location
    East Lancs
    Posts
    5,007
    Thank Post
    124
    Thanked 286 Times in 263 Posts
    Rep Power
    109

    Re: Stop internet access from address bar

    Hmm I just noticed theres no installer for the CRE for smoothwall ...

  6. #6

    webman's Avatar
    Join Date
    Nov 2005
    Location
    North East England
    Posts
    8,422
    Thank Post
    645
    Thanked 967 Times in 667 Posts
    Blog Entries
    2
    Rep Power
    328

    Re: Stop internet access from address bar

    Hmm... you're right. Maybe it only works on IPCop? (Which I've always found better than SW anyway )

  7. #7
    ChrisH's Avatar
    Join Date
    Jun 2005
    Location
    East Lancs
    Posts
    5,007
    Thank Post
    124
    Thanked 286 Times in 263 Posts
    Rep Power
    109

    Re: IP Cop/Smoothwall and Cre

    Right well the author of the mod has very kindly, promptly replied to an email and has said

    The CRE will not be released as a standalone patch for SmoothWall.

    Instead, the CRE will become a regular part of the Advanced Proxy for both platforms, IPCop and SmoothWall, in the future.

    The CRE for IPCop were developed on a experimental basis to check whether such a feature will be possible at all. After some non-public beta tests, I'm waiting for feedback/requests about design and functionality before finally moving this code into the AdvProxy.

    As long as no security updates are required, the AdvProxy 1.x will be frozen. I'm working on AdvProxy 2.0 which will come with the CRE and other pretty things.
    So all will be well some time in the near future

    I could do the config for IP ranges myself on a standard squid config but I will probably wait for this. I can also use groups as well so I will experiment until then.

  8. #8

    webman's Avatar
    Join Date
    Nov 2005
    Location
    North East England
    Posts
    8,422
    Thank Post
    645
    Thanked 967 Times in 667 Posts
    Blog Entries
    2
    Rep Power
    328

    Re: IP Cop/Smoothwall and Cre

    Yeah, he's usually very good with responding to emails. I remember getting a reply back about password lengths with windows authentication at some point (if a password was too long (can't remember exact length) then it wouldn't let you access).

  9. #9
    ChrisH's Avatar
    Join Date
    Jun 2005
    Location
    East Lancs
    Posts
    5,007
    Thank Post
    124
    Thanked 286 Times in 263 Posts
    Rep Power
    109

    Re: IP Cop/Smoothwall and Cre

    I used to get that with Censornet I think 14 was max it liked.

  10. #10

    Join Date
    Nov 2005
    Posts
    14
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Re: IP Cop/Smoothwall and Cre

    Quote Originally Posted by ChrisH
    I used to get that with Censornet I think 14 was max it liked.
    And don't forget Censornet's occasional issues with apostrophes...

    I ended up deciding to roll our own web proxy, given the issues that IPCop/SW/Censornet have (well, given that they all have the same origin...).

    I keep planning to release the code at some point, afterall, it's only a few php and shell scripts that interface with squidguard, squid and the like. Although, if I ever did release it, I'd have to write an installer. Meh. The system itself uses NTLM-based authentication against the domain logon, with two classes of user 'Staff', who aren't logged (unions have issues...), and 'Pupil'. Pupil's access can be controlled between normal, whitelisted and banned states. Individual rooms can also be switched between the three states too. The script uses DNS, at the moment, to decide which machines belong inside which room... I will, when I have sufficient caffeine extend that to querying AD and using that as the basis for the DNS lookup, instead of hardcoding the number of machines per room that it needs to lookup.

    I guess that's why I dislike other solutions, I'm too much of a fiddler... and perhaps because I spent too long working with the SW team.

  11. #11
    ChrisH's Avatar
    Join Date
    Jun 2005
    Location
    East Lancs
    Posts
    5,007
    Thank Post
    124
    Thanked 286 Times in 263 Posts
    Rep Power
    109

    Re: IP Cop/Smoothwall and Cre

    We would certainly be interested in seeing anything you can contribute . Is there any chance you could throw Dansguardian in there somewhere as well?
    I currently am running squid and DG and using NTLM for authentication. At the moment I have only simple control of access by having everyone in the "internet" group so I can just pull people out that have been banned. I know I can do do rooms by IP address or mac if I recompile squid but wouldnt know how to put a front end on that so I would be interested in looking at all alternatives.

  12. #12

    webman's Avatar
    Join Date
    Nov 2005
    Location
    North East England
    Posts
    8,422
    Thank Post
    645
    Thanked 967 Times in 667 Posts
    Blog Entries
    2
    Rep Power
    328

    Re: IP Cop/Smoothwall and Cre

    I think we'd be interested as well, dustmite. Our teachers' number one gripe at the moment is why they can't have a different level of access to the web than the students. We claim it's because confusion and fustration could arise when a teacher goes to www.example.com and find it good for a lesson, then come that lesson when he wants the kids to go on it, it's actually filtered.

  13. #13
    ChrisH's Avatar
    Join Date
    Jun 2005
    Location
    East Lancs
    Posts
    5,007
    Thank Post
    124
    Thanked 286 Times in 263 Posts
    Rep Power
    109

    Re: IP Cop/Smoothwall and Cre

    If you want multiple levels of filter access then this can be done with dansguardian and multiple configs. read here for a bit more info. Havent tried this config myself but im planning to.



SHARE:
+ Post New Thread

Similar Threads

  1. Smoothwall Express Error
    By netadmin in forum *nix
    Replies: 8
    Last Post: 9th October 2007, 08:44 AM
  2. Smoothwall
    By CyberNerd in forum *nix
    Replies: 9
    Last Post: 8th March 2007, 08:38 PM
  3. Goodbye Smoothwall Hello Smoothwall
    By Simcfc73 in forum Wireless Networks
    Replies: 2
    Last Post: 30th June 2006, 07:55 AM
  4. Anyone recommend Smoothwall Express?
    By OverWorked in forum *nix
    Replies: 15
    Last Post: 26th January 2006, 12:37 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •