[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

re: Using debian as a proxy/masq. server.

Shaya said:
I am currently using a debian system to masquerade all the traffic from 
my high school's win95 lan to the internet.  This is ok for a temporary 
manner, but my school wants me to implement a way to track where all the 
students are going, can't have them going to sighs which arn't kosher,
you know what I mean.  Well, is there a way to do this, in that they 
authenicate themselves to the debian box, with a username and password, 
and the proxy server will record wherever they go (until the logout). 
is there an easier way.

I help a school district do very much the same thing. I use 'squid' (not
the debian one because it does not support 'proxy-authentication' but
the newer one from http://squid.nlanr.net). The apache 'proxy' module
was not capable of doing authentication when I checked a few months ago.
I use masquerade but only to open 'holes' for specific physically secure
machines, e.g. mail servers.

Everyone has a username/password checked via proxy-authentication for
http/ftp access. The squid access log tracks where they go, and try to
go. The logs are accessible only to the administrator and looked at only
if a 'problem' is reported.

We will use 'dhcp' to link ip addresses to hardware addresses. I haven't
quite figured out how to verify that someone hasn't altered the ip
address after bootup though...

Everyone signs an acceptable use agreement in which it is made plain
that they should have no expectation of privacy in their access to the
internet from school. Although this may seem extreme, it allows us to
not censor access in advance, but rather have the means to resolve
reported problems by knowing who did what when and from which machine.
They can use home or public library machines if they want private

Michael Laing, President     _|_|_|_|  _|        _|      _|  _|_|_|
Foster Laing & Noonan, Inc.  _|        _|        _|_|    _|    _|
mpl@flni.com 207.832.6372    _|_|_|    _|        _|  _|  _|    _|
Internet Software Developers _|        _|        _|    _|_|    _|
_____and Consultants__________|        _|_|_|_|  _|      _|  _|_|_|

TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com

Reply to: