Re: Squid proxy thoughts

To: debian-edu@lists.debian.org
Subject: Re: Squid proxy thoughts
From: Giorgio Pioda <gfwp@ticino.com>
Date: Wed, 6 May 2015 12:00:44 +0200
Message-id: <[🔎] 20150506100043.GA30071@macchianera.pioderia.lan>
In-reply-to: <[🔎] 5549DFFD.6010807@gmail.com>
References: <[🔎] 5549DFFD.6010807@gmail.com>

Hi,

I usually switch off squid during examinations and netgroup block.

Iceweasel still operates through direct internet connection.
Chromium is fully blocked.

I admit that this is a "cheap" solution; a better one would be
to discriminate the squid incoming request throug the netblock
group, but I never tried to implement it

Regards

Giorgio


On Wed, May 06, 2015 at 11:33:49AM +0200, Helge Tore Høyland wrote:
> Hi.
> 
> I have some questions to the use of proxy on the tjener. Atm
> Skolelinux 7, the use of netgroups to block access to internet is
> not working. The need to be able to lock sertain clients away from
> normal internet access, and maybe still be able to access some
> central exam autority site, is ugent.
> I have tried to set up my firewall, pfSense, to do the job, but
> since the automatic proxysetup in skolelinux is set to use the squid
> install on tjener as proxy, i cant make it work. All trafic that my
> pfSense sees is the trafic from tjener (10.0.2.2).
> I have asked in the irc channel on this, and got the answeer to use
> wpad-file to stear clients to my pfSense box as proxy rather than
> tjener. Ive tried to set this up on tjener and on the ltsp
> equivalent to no use. All clients are still locked to tjener as
> proxy.
> 
> I have 2 senarios/sugestions that is valid.
>     1. Get in place a decent way to administrate the proxy setup,
> blacklist, and so on, on tjener. (preferably through gosa)
>     2. Remove the use/need of proxy on tjener and let a dedicated
> firewall do the job.
> 
> I would prefear the first alternative, but the second holds some
> advantages too. The 2nd will ease the load on tjener quite a bit.
> pfSense, for one, has a very nice way to do this, and can be
> integradet to tjener's ldap for easier administration.
> 
> Kindly Regards
> Helge Tore Høyland
> 
> 
> -- 
> To UNSUBSCRIBE, email to debian-edu-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> Archive: [🔎] 5549DFFD.6010807@gmail.com">https://lists.debian.org/[🔎] 5549DFFD.6010807@gmail.com
> 
> 

-- 
Giorgio Pioda - Sysadmin SPSE-Tenero
Cell +41 79 629 20 63
Tel  +41 58 468 62 48
Fax  +41 58 468 61 98

Reply to:

Follow-Ups:
- Re: Squid proxy thoughts
  - From: Helge Tore Høyland <helge.tore.hoyland@gmail.com>

References:
- Squid proxy thoughts
  - From: Helge Tore Høyland <helge.tore.hoyland@gmail.com>

Prev by Date: Squid proxy thoughts
Next by Date: Re: wpad and chromium
Previous by thread: Squid proxy thoughts
Next by thread: Re: Squid proxy thoughts
Index(es):
- Date
- Thread