Re: Squid proxy thoughts

To: debian-edu@lists.debian.org
Subject: Re: Squid proxy thoughts
From: Helge Tore Høyland <helge.tore.hoyland@gmail.com>
Date: Wed, 06 May 2015 12:35:40 +0200
Message-id: <[🔎] 5549EE7C.50302@gmail.com>
In-reply-to: <[🔎] 20150506100043.GA30071@macchianera.pioderia.lan>
References: <[🔎] 5549DFFD.6010807@gmail.com> <[🔎] 20150506100043.GA30071@macchianera.pioderia.lan>

Thx for reply.

For us, due to function, i need to use Firefox or Chromium asbrowser(due to poor programming on several servers, not acceptingiceweasel). Iceweasel has to be uninstalled to get firefox to workproperly, sadly. So that is not an option for me.

Preferably i would like my proxy to work at transparant mode. That wayyou can force all clients trafic through the proxy, without usersknowing it. That would fix the trouble the different browsers has on howto configure automatic proxy setup with wpad files. For that to work,the proxy needs to be on the gateway.

For my schools, this is a break or make issue. As of now, its way tomutch hassle to do exams. And they tend to resort to use standalonemachines, with the extra hassle of administration that makes.


Helge Tore Høyland


Den 06.05.2015 12:00, Giorgio Pioda skreiv:

Hi,

I usually switch off squid during examinations and netgroup block.

Iceweasel still operates through direct internet connection.
Chromium is fully blocked.

I admit that this is a "cheap" solution; a better one would be
to discriminate the squid incoming request throug the netblock
group, but I never tried to implement it

Regards

Giorgio


On Wed, May 06, 2015 at 11:33:49AM +0200, Helge Tore Høyland wrote:

Hi.

I have some questions to the use of proxy on the tjener. Atm
Skolelinux 7, the use of netgroups to block access to internet is
not working. The need to be able to lock sertain clients away from
normal internet access, and maybe still be able to access some
central exam autority site, is ugent.
I have tried to set up my firewall, pfSense, to do the job, but
since the automatic proxysetup in skolelinux is set to use the squid
install on tjener as proxy, i cant make it work. All trafic that my
pfSense sees is the trafic from tjener (10.0.2.2).
I have asked in the irc channel on this, and got the answeer to use
wpad-file to stear clients to my pfSense box as proxy rather than
tjener. Ive tried to set this up on tjener and on the ltsp
equivalent to no use. All clients are still locked to tjener as
proxy.

I have 2 senarios/sugestions that is valid.
1. Get in place a decent way to administrate the proxy setup,
blacklist, and so on, on tjener. (preferably through gosa)
2. Remove the use/need of proxy on tjener and let a dedicated
firewall do the job.

I would prefear the first alternative, but the second holds some
advantages too. The 2nd will ease the load on tjener quite a bit.
pfSense, for one, has a very nice way to do this, and can be
integradet to tjener's ldap for easier administration.

Kindly Regards
Helge Tore Høyland

--
To UNSUBSCRIBE, email to debian-edu-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: [🔎] 5549DFFD.6010807@gmail.com">https://lists.debian.org/[🔎] 5549DFFD.6010807@gmail.com

Reply to:

Follow-Ups:
- Re: Squid proxy thoughts
  - From: Giorgio Pioda <gfwp@ticino.com>

References:
- Squid proxy thoughts
  - From: Helge Tore Høyland <helge.tore.hoyland@gmail.com>
- Re: Squid proxy thoughts
  - From: Giorgio Pioda <gfwp@ticino.com>

Prev by Date: Re: wpad and chromium
Next by Date: Re: Squid proxy thoughts
Previous by thread: Re: Squid proxy thoughts
Next by thread: Re: Squid proxy thoughts
Index(es):
- Date
- Thread