[GLLUG] content filtering

Karl Schuttler rexykik at gmail.com
Tue Apr 1 13:36:53 EDT 2008 

If you need somewhere to store logs and stuff like that, be aware that
you can samba mount stuff with ddwrt and openwrt, so you could just
have it automount the samba partition and store stuff there.

On Tue, Apr 1, 2008 at 8:34 AM, Michael George <george at idealso.com> wrote:
> I'll look at the openwrt site and see what I can find for modules.  I
>  understand that dd-wrt is based on it and can use its modules, but they
>  will have to be hand-configured.
>
>  Do you know of any "recipies" for setting up firewall rules on a server to
>  run transparent/forced proxy?  I'm hoping for a solution that doesn't
>  require me to dig knee-deep into learning firewall rules...
>
>  I'm also quite happy with a multi-layered approach.  I can use OpenDNS,
>  and dansguardian, and the log files.  Putting the system in a public place
>  is probably one of the best moves, but there are some physical
>  complexities going in that direction...
>
>  Hmm, I bet I can get a boot CD that will fire up the system and do the
>  same things that LTSP does over wireless...  I'll have to look into that
>  option.  Then I can put the system in more places in the house without
>  stringing more ethernet cables...
>
>
>
>  On Mon, March 31, 2008 11:37 pm, Richard Houser wrote:
>  > -----BEGIN PGP SIGNED MESSAGE-----
>  > Hash: SHA1
>  >
>  > Michael George wrote:
>  > | It's time I get more serious about content filtering at home, now that
>  > my
>  > | kids are able to get online.
>  > |
>  > | I know there is the dansguardian/squid proxy filter, but I don't want to
>  > | jump immediately to an approach that requires another computer.  I use
>  > | LTSP for myself and for the kids, so we're all on the same system
>  > | (therefore I can't just use mine as the proxy server).
>  > |
>  > | I've heard of OpenDNS for DNS-level filtering, but I'm not sure if that
>  > | will have some loopholes that I hadn't though of...
>  >
>  > For starters, a loophole is that someone can just bypass DNS.  It
>  > wouldn't be convenient, but is still relatively easy to do if your kids
>  > are so inclined.  They certainly won't fall into that loophole by
>  > accident, however, so with good parenting, I don't think this would be
>  > an issue.
>  >
>  > | I should have thought ahead more when I got my router.  I put in a
>  > Linksys
>  > | WRT54GL running dd-wrt just recently.  I'm happy with it so far, and it
>  > | will facilitate a transparent proxy, but it doesn't implement one.
>  > Since
>  > | I only use it for basic router and firewall tasks, it would be nice to
>  > | have a content filtering proxy built into it.
>  > |
>  > | Anyone here have opinions/advice?  Thanks!
>  >
>  > I don't know about your kids, but have you looked into providing either
>  > a mostly open internet connection (regarding http port 80/443) with
>  > logging for later review OR a whitelist based approach?  I don't know
>  > about dd-wrt, but if you were running OpenWRT that should certainly be
>  > doable (especially with the up to 2GB flash storage you can put in the
>  > GL).
>  >
>  > Also, since you are running on the same system, you CAN use your machine
>  > as the proxy.  When on the same machine, you can use firewall rules to
>  > force certain users to use the proxy and allow others open access.
>  > While still on the same machine, I think this is the best option.
>  > -----BEGIN PGP SIGNATURE-----
>  > Version: GnuPG v1.4.7 (GNU/Linux)
>  > Comment: Using GnuPG with Mandriva - http://enigmail.mozdev.org
>  >
>  > iD8DBQFH8a3mUMkt1ZRwL1MRAjDYAJ9+lHH0t+XK+/lT3SCADkxLvok3AgCglh9l
>  > ql2l5Ej5l4zqketet3lSJhk=
>  > =mNuB
>  > -----END PGP SIGNATURE-----
>  >
>
>
>  -Michael George
>
>
> _______________________________________________
>  linux-user mailing list
>  linux-user at egr.msu.edu
>  http://mailman.egr.msu.edu/mailman/listinfo/linux-user
>

More information about the linux-user mailing list