+ Post New Thread
Results 1 to 7 of 7
Wireless Networks Thread, Cascading proxy help...my head is fried.. in Technical; We've been fortunate enough to convince our NGFL that Symantec Web Security is as much use to us as a ...
  1. #1
    Sirbendy's Avatar
    Join Date
    Nov 2005
    Posts
    2,298
    Thank Post
    8
    Thanked 203 Times in 154 Posts
    Rep Power
    110

    Cascading proxy help...my head is fried..

    We've been fortunate enough to convince our NGFL that Symantec Web Security is as much use to us as a cup of coffee in the back of a CRT. As a result, we've "retired" the box, and moved onto Bloxx.

    Now, Bloxx has been a 'mare. It blocks at will(and will not allow you to countermand the block), crashes if you ask it to report, and is generally no use at all. So, we've had enough (as have NGFL by all accounts).

    NGFL are trying to hammer out a pricing deal on some other solution whose name escapes me right now, but in the meantime we're having to use Portable Firefox (with restrictions) pointing at the retired SWS box for some things that Bloxx..well..blocks.

    As I say..'mare.

    I've been playing with Dansguardian/Smoothwall/IPCop on VMware on the SWS box to try and get that running instead. It's a headache.


    Here's the setup:

    SWS box and print server - Compaq Evo. SWS runs on port 8005 (had to change it as kids were using 8002 with "unauthorised programs). SWS then filters the request, and passes it onto another machine on port 80 for the data.
    Parent machine has ACL set up so that ONLY a machine with the print/SWS server name, fixed IP, and NIC MAC address can send/recieve data to it.

    SO:

    I set SWS (content license expired) to "guest mode", so no login is needed. I set the filtering to "Audit" so it's just effectively a "pass through" from the parent machine to port 8005 on the box.

    This works for me on Firefox and IE...pointing to the Evo on port 8005 gives me 'net access without authentication.

    Then I installed VMWare player and the various prebuilt VMs I mentioned above, and this is where I came unstuck. None of them seem to cater for our setup!

    Is there any solution out there, free, that can be used in a VM on the Evo or another seperate box and accept data from the machines on the network, filter it through dansguardian or similar, and then output it to port 8005 on the Evo for SWS to then in turn give it to the main proxy on the network?

    Everything I looked at seems to be "one green trusted nic, one red "bad"nic"..which makes sense...except that the untrusted NIC wouldn't in our case be connected to a physical router...but would need to send data to port 8005 on the SWS box instead.

    Is this possible?

    Sorry if it doesn't make much sense..it's been frying my head after a long week!

  2. #2
    ChrisH's Avatar
    Join Date
    Jun 2005
    Location
    East Lancs
    Posts
    5,009
    Thank Post
    120
    Thanked 282 Times in 260 Posts
    Rep Power
    108

    Re: Cascading proxy help...my head is fried..

    You just need a squid and dansguardian install with your SWS box as the parent proxy. It wouldnt take you long to get your head round a basic setup.

  3. #3
    Sirbendy's Avatar
    Join Date
    Nov 2005
    Posts
    2,298
    Thank Post
    8
    Thanked 203 Times in 154 Posts
    Rep Power
    110

    Re: Cascading proxy help...my head is fried..

    hmm. I have 3 options...VM it on the existing box, put it on a new box, or try and set my SME Server box up with Squid and DG then...

    Any good guides on configuring this sort of setup?

  4. #4
    ChrisH's Avatar
    Join Date
    Jun 2005
    Location
    East Lancs
    Posts
    5,009
    Thank Post
    120
    Thanked 282 Times in 260 Posts
    Rep Power
    108

    Re: Cascading proxy help...my head is fried..

    The first question would be do you require authentication ?

  5. #5
    Sirbendy's Avatar
    Join Date
    Nov 2005
    Posts
    2,298
    Thank Post
    8
    Thanked 203 Times in 154 Posts
    Rep Power
    110

    Re: Cascading proxy help...my head is fried..

    It may only be a temporary solution...Bloxx uses AD integration to do the authentication automatically...I think we could manage without it. Staff and students needs vary, but using the bigblacklist lists would make a good start to both, and we can always finetune site access using Netsupport School.

  6. #6
    ChrisH's Avatar
    Join Date
    Jun 2005
    Location
    East Lancs
    Posts
    5,009
    Thank Post
    120
    Thanked 282 Times in 260 Posts
    Rep Power
    108

    Re: Cascading proxy help...my head is fried..

    In that case you could just install debian or Ubuntu. apt-get install squid dansguardian. You then then set Dansguardian to use squid as it parent and squid to use sws as its parent. You could probably get away without using squid and just put dansguardian on and use SWS as its parent.
    If you look through the config file for each you will glean enough info to get a basic install working.

  7. #7
    Sirbendy's Avatar
    Join Date
    Nov 2005
    Posts
    2,298
    Thank Post
    8
    Thanked 203 Times in 154 Posts
    Rep Power
    110

    Re: Cascading proxy help...my head is fried..

    I'll give that a shot tomorrow then.. I'll try the squid/DG bolt-in for CentOS (SME server base), and then if that doesn't work I'll grab one of the scrap P2 boxes from storage and Ubuntu it.

SHARE:
+ Post New Thread

Similar Threads

  1. Head of Assessment
    By SpecialAgent in forum Educational IT Jobs
    Replies: 0
    Last Post: 27th April 2007, 10:52 AM
  2. Well said that head.
    By Dos_Box in forum General Chat
    Replies: 67
    Last Post: 4th April 2007, 08:01 AM
  3. Cascading proxy servers
    By edie209 in forum *nix
    Replies: 27
    Last Post: 7th June 2006, 12:38 PM
  4. Head on over to surveys
    By Ric_ in forum General EduGeek News/Announcements
    Replies: 4
    Last Post: 20th June 2005, 08:33 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •