Re: Squid proxy thoughts
Thx for reply.
For us, due to function, i need to use Firefox or Chromium as
browser(due to poor programming on several servers, not accepting
iceweasel). Iceweasel has to be uninstalled to get firefox to work
properly, sadly. So that is not an option for me.
Preferably i would like my proxy to work at transparant mode. That way
you can force all clients trafic through the proxy, without users
knowing it. That would fix the trouble the different browsers has on how
to configure automatic proxy setup with wpad files. For that to work,
the proxy needs to be on the gateway.
For my schools, this is a break or make issue. As of now, its way to
mutch hassle to do exams. And they tend to resort to use standalone
machines, with the extra hassle of administration that makes.
Helge Tore Høyland
Den 06.05.2015 12:00, Giorgio Pioda skreiv:
I usually switch off squid during examinations and netgroup block.
Iceweasel still operates through direct internet connection.
Chromium is fully blocked.
I admit that this is a "cheap" solution; a better one would be
to discriminate the squid incoming request throug the netblock
group, but I never tried to implement it
On Wed, May 06, 2015 at 11:33:49AM +0200, Helge Tore Høyland wrote:
I have some questions to the use of proxy on the tjener. Atm
Skolelinux 7, the use of netgroups to block access to internet is
not working. The need to be able to lock sertain clients away from
normal internet access, and maybe still be able to access some
central exam autority site, is ugent.
I have tried to set up my firewall, pfSense, to do the job, but
since the automatic proxysetup in skolelinux is set to use the squid
install on tjener as proxy, i cant make it work. All trafic that my
pfSense sees is the trafic from tjener (10.0.2.2).
I have asked in the irc channel on this, and got the answeer to use
wpad-file to stear clients to my pfSense box as proxy rather than
tjener. Ive tried to set this up on tjener and on the ltsp
equivalent to no use. All clients are still locked to tjener as
I have 2 senarios/sugestions that is valid.
1. Get in place a decent way to administrate the proxy setup,
blacklist, and so on, on tjener. (preferably through gosa)
2. Remove the use/need of proxy on tjener and let a dedicated
firewall do the job.
I would prefear the first alternative, but the second holds some
advantages too. The 2nd will ease the load on tjener quite a bit.
pfSense, for one, has a very nice way to do this, and can be
integradet to tjener's ldap for easier administration.
Helge Tore Høyland
To UNSUBSCRIBE, email to debian-edu-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact email@example.com