+ Post New Thread
Page 1 of 4 1234 LastLast
Results 1 to 15 of 47
*nix Thread, Web Filter in Technical; Ok I have a question for all you nix gurus out there as Im a nix Newb. What Im looking ...
  1. #1
    apeo's Avatar
    Join Date
    Sep 2005
    Location
    Lost
    Posts
    1,612
    Thank Post
    95
    Thanked 115 Times in 111 Posts
    Rep Power
    41

    Web Filter

    Ok I have a question for all you nix gurus out there as Im a nix Newb. What Im looking into for the near future is a means to filter websites/content and I believe a nix server would do this best. Only thing is in kinda need an idiots guide on the following:
    Distro - Which one should i go for?
    - Whats the hardware requirement?

    Smoothwall - Given the above, how do I install it?
    - How do i configure it?
    - How do i intergrate it into the network?

    Dansguard - how do I install it?
    - How do i configure it?
    - How do i intergrate it into the network?

    Ipcop - should i use this and if so then the above questions need answering...

    I know its alot to ask but any help is appreciated. Oh and one more thing, if i wanted to add additional elements would it be a good idea to add them to the above nix server or create a new one?

  2. #2

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,802
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224

    Re: Web Filter

    Ok. As I've mentioned before I need to get round to writing up one (or more!) wiki articles about this however basically what I have setup (in steps):

    Ubtuntu LTS 6.06 (Dapper Drake) Minimal Server Install on a P4 Celeron 2.4Ghz with 1Gb of ram (a recycled desktop machine basically).

    I've installed Squid and Samba (with winbind).
    I've then added the machine as a member server to the domain (samba).
    Enabled Username/Group lookups (winbind)
    Got the machine working as a proxy via our LEA's proxy server (Squid)
    Enabled NTLM authentication (Squid + Winbind)
    Downloaded Dansguardian Alpha Version and compiled it (much installing of compile tools).
    Done some configured Dansguardian so it goes through squid (for the NTLM auth).
    Updated the blacklists + phraselists and told Dansguardian to use them.

    Things I have outstanding:

    Pay for blacklist updates (not really up to me) and get them autoupdating.
    Sort out some reporting functionality.
    Customise the block page.

    Which of the above steps do you require more details on?

  3. #3

    Join Date
    Sep 2006
    Location
    Essex
    Posts
    777
    Thank Post
    1
    Thanked 31 Times in 29 Posts
    Rep Power
    23

    Re: Web Filter

    My first nix box was a proxy filter running squid and dansguardian on Fedora Core 2. The GUI means you don't have to get too bogged down in scipts and config files and Squid and Dans are both available as easy to install packages.

    The thing was rock solid for two years, never fell over once. I think the school are still using it now.

  4. #4

    Join Date
    Jun 2006
    Location
    Belfast, N\'Ireland
    Posts
    190
    Thank Post
    10
    Thanked 9 Times in 7 Posts
    Rep Power
    18

    Re: Web Filter

    I too am about to embark on this so will watch this thread and any wiki articles on it with intrest. At the moment I have soem breathing space because I've refused to have any live internet access in suites that I supervise at lunch and after school until the school has kids signing an AUP which I'm currently negotiating with SMT about.

    The part I least understand and can find least information about is useage restriction in terms of an internet on/off switch. The head of IT here has resisted the arrival of the internet in the teaching suites because of the distraction it would cause for lessons, but the internet provission in the library/learning centre is just not adequate to meet demands. Its overly filtered by C2K the managed network provider here. So the solution I impliment needs to offer interent use before school, lunch, break and afterschool easy enough. The harder part is to allow it to be on and off on a per room basis for lessons. Idealy ina very simple way that teachers can do it themselves. A simple "click here to activate/ deavtiviate internet in this Suite" button.

    I'm sure its something I can at the very least write scripts for and a basic application which runs those scripts from an idiot proof interface. Its just finding the time to do it.

  5. #5

    Join Date
    Sep 2006
    Location
    Essex
    Posts
    777
    Thank Post
    1
    Thanked 31 Times in 29 Posts
    Rep Power
    23

    Re: Web Filter

    Its really easy to do this..... tell them to go to the wall and hit the power switch on the router. Bingo.... no internet access.

  6. #6


    tom_newton's Avatar
    Join Date
    Sep 2006
    Location
    Leeds
    Posts
    4,461
    Thank Post
    866
    Thanked 845 Times in 667 Posts
    Rep Power
    195

    Re: Web Filter

    Who'd have guessed i'd pop up in this thread, eh?

    I'd suggest that for a system analagous to Geoff's there, but for people who don't have his time (or obvious considerable expertise!) SmoothWall's SchoolGuardian system is the way to go. You can build something similar from OpenSource components, but it isn't that easy, and you don't get a web gui!

    It's based on Dansguardian, but it's not the same one as you download, as Dan himself is one of the SmoothWall directors, and we've spent a couple of years improving the thing!

    I will disclaim this by adding that I work for SmoothWall, but even if I didn't i'd encourage you to look at the system.

    Also, there's an EduGeek discount for members of this board, because we think it's great

    Tom (tom@smoothwall.net)

  7. #7


    tom_newton's Avatar
    Join Date
    Sep 2006
    Location
    Leeds
    Posts
    4,461
    Thank Post
    866
    Thanked 845 Times in 667 Posts
    Rep Power
    195

    Re: Web Filter

    @ Teth - time based rules are already in our product set - would be interested in how you'd like room-based rules implementing, by IP? MAC?

    Drop me an email if you've any bright ideas on this one, always like to hear from those on the "front line"!

  8. #8

    plexer's Avatar
    Join Date
    Dec 2005
    Location
    Norfolk
    Posts
    13,272
    Thank Post
    614
    Thanked 1,567 Times in 1,407 Posts
    Rep Power
    412

    Re: Web Filter

    Censornet always had the ability to group machines and then disable web browser as you saw fit.

    Schoolguardian integrates with active directory so you could presumably pull ou's containing computers out of there for your groups and then obtain the macs or ip from the machines to block?

    Ben

  9. #9

    Join Date
    Jun 2006
    Location
    Belfast, N\'Ireland
    Posts
    190
    Thank Post
    10
    Thanked 9 Times in 7 Posts
    Rep Power
    18

    Re: Web Filter

    In my thoughts on scripting this I was thinking MAC as I already have MAC lists or ideally by OU its gonna depend really on how much time I have to learn new things before this gets implimented

    I'd love to buy a product for it too but I'm in a school that has no IT budget. I mean there is no allocation of money at all for the network. Equipment is bought in haphazard fashion by either departmental budgets or by capital spending at the end of a financial year. The capital spending is very irregular, money was spent this year on 60 new machines and 2 new servers but thats the first spend in 3 years (I've worked here 8 months). The IT departments budget is less than 10k a year and from it must come paper, Toner, incidentals like mice leads etc, textbooks and materials for ICT and computing classes. The budget has been dwindling year y year because we are due a new school under a PPP(public private partnership) system and as such our funding is being cut by the board and capital expenditure is fround upon.

    Simply put an internet connection is needed to do the Clait+ exams this year which I can provide simply enough for that task. I'm trying to go that extra mile and provide it year round for classes but there is no money available only my time. So it will be open source or bust. Another time based project I have is getting the small 6thform computer room operational again on scrounged and spare hardware with no money. Thats most likely going to be an opensource project as well.


    If changing a users filter group takes effect instantly maybe a "no access" group which they are removed from if they are in an internet class would be an answer. Again with copious scripting to idiot proof it.

  10. #10


    tom_newton's Avatar
    Join Date
    Sep 2006
    Location
    Leeds
    Posts
    4,461
    Thank Post
    866
    Thanked 845 Times in 667 Posts
    Rep Power
    195

    Re: Web Filter

    Thanks guys - AD method sounds like a plan - will discuss with the devs. Unlike some folk, who copy the AD periodically (think censornet do this) we have a caching auth daemon which means changes are instant.

  11. #11

    webman's Avatar
    Join Date
    Nov 2005
    Location
    North East England
    Posts
    8,400
    Thank Post
    636
    Thanked 961 Times in 661 Posts
    Blog Entries
    2
    Rep Power
    319

    Re: Web Filter

    Quote Originally Posted by tom_newton
    You can build something similar from OpenSource components, but it isn't that easy, and you don't get a web gui!
    Unless you make one yourself or mix dansguardian with ipcop?

  12. #12

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,802
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224

    Re: Web Filter

    There's a webmin module for dansguardian too.

    However personally, I'm more at home with the flat text files. It makes it more obvious as to what's going on.

  13. #13


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    339

    Re: Web Filter

    Unless you make one yourself or mix dansguardian with ipcop? Smile
    Would take a lot of beating, smoothwall corp web interface is v.good

  14. #14

    Join Date
    Feb 2006
    Posts
    1,187
    Thank Post
    0
    Thanked 1 Time in 1 Post
    Rep Power
    0

    Re: Web Filter

    Quote Originally Posted by Geoff
    However personally, I'm more at home with the flat text files. It makes it more obvious as to what's going on.
    Spoken like a true geek

  15. #15

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,802
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224

    Re: Web Filter

    Shh, or I'll grep you!

SHARE:
+ Post New Thread
Page 1 of 4 1234 LastLast

Similar Threads

  1. URL Filter
    By richard.thomas in forum Network and Classroom Management
    Replies: 3
    Last Post: 2nd November 2007, 10:27 AM
  2. Web Filter
    By Jackd in forum Windows
    Replies: 9
    Last Post: 26th March 2007, 09:23 AM
  3. B Gone filter
    By gwendes in forum General Chat
    Replies: 6
    Last Post: 18th March 2007, 01:49 PM
  4. P2P Traffic Filter
    By Peter in forum Wireless Networks
    Replies: 1
    Last Post: 8th January 2006, 11:34 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •