[Freeschool] Fwd: [school-discuss] Re: Creating a Stand-Alone Linux Computer with Dan's Guardian

Michael Shigorin mike at osdn.org.ua
Sat Feb 26 11:15:43 MSK 2005


----- Forwarded message from "Karsten M. Self" <kmself at ix.netcom.com> -----

Date: Fri, 25 Feb 2005 16:21:04 -0800
From: "Karsten M. Self" <kmself at ix.netcom.com>
To: School Forge List <schoolforge-discuss at schoolforge.net>
Subject: [school-discuss] Re: Creating a Stand-Alone Linux Computer with Dan's Guardian

on Thu, Feb 17, 2005 at 06:39:47AM -0700, Troy Banther (troy at banther-trx.homeunix.com) wrote:
> Hello everyone,
> 
> Has anyone on the set up a stand alone Linux computer with an Internet
> filtering program?
> 
> I have never set one up but am interested in doing so for a non-profit
> agency.

Sure:  install Dansguardian, a context and origin-based filtering system.

Not sure what you mean by "stand-alone", though most probable cases
should be covered, including:

  - A filtering proxy, through which all web traffic passes.
  - Filter for web surfing from the same box.

The main question is how easy/hard do you want it to be to defeat the
filter?

In my case, I set up a youth center's tech lab using Dansguardian for
outbound filtering.  Basic architecture:

       ,~~~~~~~~~~~~~~~,
      (                 )
       )    Internet   (
      (                 )                           +----------+
       ~~~~~~~~+~~~~~~~~                      , --- |          |
               |  +-----------------+        / ---- | Filtered |
               |  | Gateway         |       / ----- |          |
               +--+   IP Filters    +------< ------ | LAN      |
                  |   Dansguardian  |       \ ----- |          |
                  +-----------------+        \ ---- | Clients  |
                                              `---- |          |
                                                    +----------+

...with the filtering standing between the desktop clients and the
Internet.  All proxy management was handled via firewall rules for
transparent proxy.  This means no client-side configuration, and no
client-side defeat of filtering.

Note that web filtering isn't perfect, particularly if users discover
upstream SSL proxies.  This allows them access to filtered content, and
since the outbound connection itself is encrypted, it can't be tracked
for content.


Peace.

-- 
Karsten M. Self <kmself at ix.netcom.com>        http://kmself.home.netcom.com/
 What Part of "Gestalt" don't you understand?
    I said, "And creatin' a nuisance . . . " And they all came back,
    shook my hand, and we had a great time.
    - A. Guthrie



----- End forwarded message -----

-- 
 ---- WBR, Michael Shigorin <mike at altlinux.ru>
  ------ Linux.Kiev http://www.linux.kiev.ua/
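
The transparent-proxy gateway described in the forwarded message, sketched as an added example (not part of the original e-mail and not its author's actual configuration). The interface name, LAN range and the two ports are assumptions, and the filter and proxy must themselves be configured to accept intercepted traffic; the function only prints the rules so they can be reviewed before being applied.

```shell
#!/bin/sh
# Added example: print (not apply) gateway firewall rules for a transparent
# filtering proxy. All values below are assumptions, not from the original post.

FILTER_PORT=8080   # assumed port the content filter listens on
PROXY_PORT=3128    # assumed port of the caching proxy behind the filter

# gateway_rules LAN_IF LAN_NET
# Emits iptables commands on stdout; returns 1 on malformed arguments.
gateway_rules() {
    lan_if=$1
    lan_net=$2
    # Refuse anything that is not a plain interface name or an IPv4 CIDR,
    # so no shell metacharacters can end up inside a generated rule.
    case $lan_if in ''|*[!A-Za-z0-9._-]*) echo "bad interface" >&2; return 1;; esac
    case $lan_net in ''|*[!0-9./]*|*/*/*) echo "bad network" >&2; return 1;; esac
    case $lan_net in */*) ;; *) echo "network needs /prefix" >&2; return 1;; esac

    cat <<EOF
# 1. Intercept plain HTTP from LAN clients and hand it to the filter.
#    Nothing is configured on the clients, so nothing can be unset there.
iptables -t nat -A PREROUTING -i $lan_if -s $lan_net -p tcp --dport 80 -j REDIRECT --to-ports $FILTER_PORT
# 2. Clients must not reach the unfiltered proxy port on the gateway directly.
iptables -A INPUT -i $lan_if -p tcp --dport $PROXY_PORT -j REJECT --reject-with tcp-reset
# 3. HTTPS content is opaque to the filter; log new connections so the
#    destinations can at least be reviewed.
iptables -A FORWARD -i $lan_if -s $lan_net -p tcp --dport 443 --syn -j LOG --log-prefix "lan-https: "
EOF
}

# Dry run with constructed sample values (LAN on eth1, 192.168.10.0/24).
gateway_rules eth1 192.168.10.0/24
```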

