  1. #1


    Filtering wireless with Dansguardian (ruckus and dlink)

    Hi All,

    I am looking for a solution that will allow me to filter our wireless internet connection using our dansguardian filter. I have all of our students' browsers normally pointing to http://192.168.0.252:8080 which is the proxy server, but at the moment anyone with a wireless enabled device that can access the wifi is pointed straight at our gateway, bypassing the proxy.

    I have 4 Ruckus APs controlled by Zone Director 1000 with the latest firmware and 4 Dlink APs unmanaged. If there is an easy solution to get the Ruckus LAN working I can always move the Dlinks onto another SSID with a different pass and just use them for specific projects. Anyone any suggestions?

    Cheers


    John

  2. #2

    CPLTD's Avatar
    Quote, originally posted by Shorty:

        Hi All,

        I am looking for a solution that will allow me to filter our wireless internet connection using our dansguardian filter. I have all of our students' browsers normally pointing to http://192.168.0.252:8080 which is the proxy server, but at the moment anyone with a wireless enabled device that can access the wifi is pointed straight at our gateway, bypassing the proxy.

        I have 4 Ruckus APs controlled by Zone Director 1000 with the latest firmware and 4 Dlink APs unmanaged. If there is an easy solution to get the Ruckus LAN working I can always move the Dlinks onto another SSID with a different pass and just use them for specific projects. Anyone any suggestions?

        Cheers

        John

    I have passed this to our technical team, John.

  3. #3

    Cheers Simon

  4. #4
    Cools's Avatar
    Take your Linux box and make it the gateway.

    copy the following to the file /etc/rc.d/rc.local/iptables-config

    And this script on Debian based systems:

    /etc/rc.local/iptables-config
    ------------------------------------------------------------------

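    #!/bin/bash
    # flush existing rules; -F alone only clears the filter table, so flush
    # nat too or re-running this script stacks duplicate REDIRECT rules
    iptables -F
    iptables -t nat -F
    # set the default policy for each of the pre-defined chains
    iptables -P INPUT ACCEPT
    iptables -P OUTPUT ACCEPT
    # nothing is routed through this box; only redirected web traffic gets out
    iptables -P FORWARD DROP
    # allow loopback and replies to connections that are already open
    iptables -A INPUT -i lo -j ACCEPT
    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # to allow incoming SSH and Proxy
    iptables -A INPUT -p tcp --dport 22 -j ACCEPT
    # port 3128 accepts new connections from this machine only
    iptables -A INPUT -m state --state NEW -p tcp -m tcp -s 127.0.0.1 --dport 3128 -j ACCEPT
    # port 8080 is open to clients
    iptables -A INPUT -m state --state NEW -p tcp -m tcp --dport 8080 -j ACCEPT
    # transparent proxying: port 80 traffic arriving on eth0 is sent to local port 8080
    iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080

    # drop everything else
    iptables -A INPUT -i eth+ -p udp -j DROP
    iptables -A INPUT -i eth+ -p tcp -m tcp --syn -j DROP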
    ----------------------------------------------------------------------------------
    chmod +x /etc/rc.d/rc.local/iptables-config - makes the iptables-config script executable

    And this script on Debian based systems:

    chmod +x /etc/rc.local/iptables-config - makes the iptables-config script executable

    Now everything that goes to access the internet gets all cleaned up.

    And that's transparent proxying.

    You might want to install antivirus as well.

    Google DG with AV. If you're using Ubuntu, apt-get install dansguardian-av; make sure you set it to install all deps.


    More help http://www.thedailyadmin.com/2009/04...hine-with.html
    Last edited by Cools; 27th August 2009 at 11:25 AM.

  5. Thanks to Cools from:

    Shorty (28th August 2009)
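
A way to confirm that a gateway built from the script in post #4 really forces web traffic through the filter, as an added example that is not part of any post in this thread: the function reads `iptables-save` output and reports a missing or duplicated port-80 redirect (duplicates appear when a script appends the rule again without flushing the nat table) and any FORWARD setting that would let clients route past DansGuardian. The function names and the sample rulesets are constructed for illustration; `eth0` and port 8080 are taken from the script.

```shell
#!/bin/bash
# Added example, not from the thread. Usage on the proxy box (as root):
#   iptables-save | check_transparent_proxy eth0 8080
# Reads iptables-save text on stdin, prints one finding per line and
# returns 0 only when nothing was found. $1 = LAN interface, $2 = filter port.
check_transparent_proxy() {
    awk -v iface="$1" -v port="$2" '
        /^\*/ { table = substr($0, 2); next }            # "*nat", "*filter"
        table == "filter" && /^:FORWARD / { fwd = $2 }   # ":FORWARD DROP [0:0]"
        table == "filter" && /^-A FORWARD / && / -j ACCEPT/ { fwd_accept++ }
        table == "nat" && /^-A PREROUTING / && / -j REDIRECT / {
            if ($0 ~ (" -i " iface " ") && $0 ~ / --dport 80 / &&
                $0 ~ (" --to-ports " port "( |$)")) redirect++
        }
        END {
            if (fwd == "") fwd = "unknown"
            if (!redirect)     { print "MISSING: port 80 on " iface " is not redirected to " port; bad = 1 }
            if (redirect > 1)  { print "DUPLICATE: " redirect " copies of the redirect rule"; bad = 1 }
            if (fwd != "DROP") { print "BYPASS: FORWARD policy is " fwd ", not DROP"; bad = 1 }
            if (fwd_accept)    { print "REVIEW: " fwd_accept " FORWARD ACCEPT rule(s) pass traffic unfiltered"; bad = 1 }
            exit bad + 0
        }'
}

# Constructed sample input: FORWARD policy $1 and $2 copies of the redirect rule.
sample_ruleset() {
    printf '%s\n' '*nat' ':PREROUTING ACCEPT [0:0]'
    n=0
    while [ "$n" -lt "$2" ]; do
        echo '-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080'
        n=$((n + 1))
    done
    printf '%s\n' 'COMMIT' '*filter' ':INPUT ACCEPT [0:0]' ":FORWARD $1 [0:0]" \
        ':OUTPUT ACCEPT [0:0]' '-A INPUT -i lo -j ACCEPT' 'COMMIT'
}

sample_ruleset DROP 1 | check_transparent_proxy eth0 8080 && echo "ruleset OK"
sample_ruleset ACCEPT 0 | check_transparent_proxy eth0 8080 || echo "ruleset needs attention"
```

The redirect only covers port 80, so a FORWARD policy other than DROP is reported as a bypass: anything on another port would be routed straight out without touching the filter.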

  6. #5
    White_Fi's Avatar
    Hi Shorty,

    You can get the wireless clients to go through your proxy by creating a Layer4 ACL on the ZoneDirector and applying that ACL to the SSID clients connect to.

    Note you will need version 8 in order to complete.

    Simply create an ACL allowing access to your proxy server on its specific port.
    Add other Allow / Deny Rules below it.
    Then edit the WLAN and apply the Layer4 rule to it in advanced options.

    Kind Regards
    Stuart

  7. Thanks to White_Fi from:

    Shorty (28th August 2009)

  8. #6

    Cheers Guys all good stuff :-)

    I will have a look at playing with both options when I get back to it

    Thanks

    John

  9. #7

    Hi Cools,

    I am struggling to implement your suggestion; I am falling at the first hurdle. The Linux version that DG is running on is CentOS Linux 4.4. I have found the file iptables in /etc/rc.d/init.d and the iptables-config file in /etc/sysconfig. Is it this that I need to edit?

    Cheers

    John

  10. #8


    tom_newton's Avatar
    I would venture to suggest that Stuart's solution is the better one - ideally you want your wireless users having the same or similar filtering to "regular" users - so perhaps hacking up a dg install for them might not be a great route, especially if you aren't fully comfortable with its operation.

  11. #9
    White_Fi's Avatar
    Simplicity in this scenario will be bliss. Make use of the ZD's Layer3-4 ACL.

  12. #10

    Hi Stuart, not having a good day, struggling with the Zone Director ACL as well. Was going for Cools' option first as it allowed me to integrate the old APs. But when I had a look at Zone Director I couldn't see the obvious route to forward everything to http://192.168.0.251:8080. Going to have another look now ;-)

  13. #11
    White_Fi's Avatar
    Quote, originally posted by Shorty:

        Hi Stuart, not having a good day, struggling with the Zone Director ACL as well. Was going for Cools' option first as it allowed me to integrate the old APs. But when I had a look at Zone Director I couldn't see the obvious route to forward everything to http://192.168.0.251:8080. Going to have another look now ;-)

    What version of code are you running?

    It will be under "Configure -> Access Control"

  14. #12
    White_Fi's Avatar
    You will need to be running V8

  15. #13

    Yeah I am running V8.

    I have configured the gateway to 192.168.0.252

    and in the ACL settings I have set up the following as a start.



    I have then edited the advanced options of the WLAN to set the L4 ACL as Dans.


    Any suggestions ?

    Cheers

    john

  16. #14

    Mm, re-looking at this I can see that what I am doing must be incorrect as I am filtering anything that goes to 8080 and denying all others, but obviously this isn't the aim.

  17. #15

    Hi Guys,

    I'm trying to do the exact same thing with our Wireless LAN (Ruckus, running the latest firmware) and giving students that access the Guest SSID access to our Internet via a proxy server. I can't get my head around how to do it. Also, would the students using their own laptops need to go in and enter a proxy server under their Internet Options to get out onto the internet, or can the Ruckus kit push this setting out so when they connect to the Guest SSID with a Guest Pass the internet will just "Work"?

    Thanks,

    Matt


