[CS-FSLUG] DansGuardian installation
Tim Young
Tim.Young at LightSys.org
Sun Mar 4 15:41:42 CST 2007
Mark,
Sorry if my previous email confused you. I did not mean to say that it
was the only way to do it, but rather that was the way with probably the
lowest number of changes to computers.
There are many ways to set up a proxy, some of which are more effective
than others. Regardless of how you do it, there are chances to break
things. (For example, many IM clients fall back to web-based protocols
that can have issues with different types of proxying. And, as Stephen
mentioned, you may want to do authentication or something which forces
one "solution" over another.)
It looks like we may have offered solutions which were way too complex
for just two clients. While it is still possible for you to do
transparent proxying with just one NIC in your server, it is probably
much more complex than it needs to be.
The first question is, how much do you trust the users, or how computer
literate are they? The simple option is to set up squid and simply edit
the preferences on the clients to say that the server is the proxy. You
can go to the added length of creating a firwall rule to block outgoing
port 80 from everything but the server, and that should do it.
When you have lots of clients, or you do not trust your users, then you
need to do something like having auto-discovery of proxy servers or do
the transparent proxy thing. You can get amazingly complex with proxies
and filtering, but it can also be relatively straight-forward. The rule
of thumb is that no filtering solution is ever truly foolproof. You
simply need to make it difficult enough to get to junk that it does not
happen from your LAN. So you need to first determine how complex you
need to and are willing to make it, and then go with it.
So, tell us about the people. If we are trying to create something which
they may fight to get through, or if we are just putting up a wall
against accidents and quick temptation. You already told us about your
LAN, and so we should be able to point you in the right direction from
there.
Oh. If you are looking for a simple solution that comes in a box, the
wrt54gs (http://en.wikipedia.org/wiki/WRT54G#WTR54GS) up to revision 3,
had a built in content filter which you can purchase a very cheap
license for. ($30 or $50 a year?)
Blessings,
- Tim Young
John Mark Clayton wrote:
> Well then I'm confused and obviously this installation is over my head.
> Can anyone point me to instructions for setting up squidguard, etc
> on a small lan. The lan has a dsl modem/router with builtin wireless, a
> wired linux file/print/dns/server, a wireless linux client and a wireless
> xp client.
> I'd really appreciate any and all help,
> Mark
>
>
More information about the Christiansource
mailing list