Squid proxy thoughts
I have some questions to the use of proxy on the tjener. Atm Skolelinux
7, the use of netgroups to block access to internet is not working. The
need to be able to lock sertain clients away from normal internet
access, and maybe still be able to access some central exam autority
site, is ugent.
I have tried to set up my firewall, pfSense, to do the job, but since
the automatic proxysetup in skolelinux is set to use the squid install
on tjener as proxy, i cant make it work. All trafic that my pfSense sees
is the trafic from tjener (10.0.2.2).
I have asked in the irc channel on this, and got the answeer to use
wpad-file to stear clients to my pfSense box as proxy rather than
tjener. Ive tried to set this up on tjener and on the ltsp equivalent to
no use. All clients are still locked to tjener as proxy.
I have 2 senarios/sugestions that is valid.
1. Get in place a decent way to administrate the proxy setup,
blacklist, and so on, on tjener. (preferably through gosa)
2. Remove the use/need of proxy on tjener and let a dedicated
firewall do the job.
I would prefear the first alternative, but the second holds some
advantages too. The 2nd will ease the load on tjener quite a bit.
pfSense, for one, has a very nice way to do this, and can be integradet
to tjener's ldap for easier administration.
Helge Tore Høyland