[GLLUG] content filtering

Michael George george at idealso.com
Tue Apr 1 13:46:37 EDT 2008 

On Tue, April 1, 2008 1:36 pm, Karl Schuttler wrote:
> If you need somewhere to store logs and stuff like that, be aware that
> you can samba mount stuff with ddwrt and openwrt, so you could just
> have it automount the samba partition and store stuff there.

True.  And for that matter, I can tell it to ship the logs off to a syslog
server.  As long as it will log with the detail I'd need.  The downside is
that the router (probably) won't know who the user is that is sending the
requests.

> On Tue, Apr 1, 2008 at 8:34 AM, Michael George <george at idealso.com> wrote:
>> I'll look at the openwrt site and see what I can find for modules.  I
>>  understand that dd-wrt is based on it and can use its modules, but they
>>  will have to be hand-configured.
>>
>>  Do you know of any "recipies" for setting up firewall rules on a server
>> to
>>  run transparent/forced proxy?  I'm hoping for a solution that doesn't
>>  require me to dig knee-deep into learning firewall rules...
>>
>>  I'm also quite happy with a multi-layered approach.  I can use OpenDNS,
>>  and dansguardian, and the log files.  Putting the system in a public
>> place
>>  is probably one of the best moves, but there are some physical
>>  complexities going in that direction...
>>
>>  Hmm, I bet I can get a boot CD that will fire up the system and do the
>>  same things that LTSP does over wireless...  I'll have to look into
>> that
>>  option.  Then I can put the system in more places in the house without
>>  stringing more ethernet cables...
>>
>>
>>
>>  On Mon, March 31, 2008 11:37 pm, Richard Houser wrote:
>>  > -----BEGIN PGP SIGNED MESSAGE-----
>>  > Hash: SHA1
>>  >
>>  > Michael George wrote:
>>  > | It's time I get more serious about content filtering at home, now
>> that
>>  > my
>>  > | kids are able to get online.
>>  > |
>>  > | I know there is the dansguardian/squid proxy filter, but I don't
>> want to
>>  > | jump immediately to an approach that requires another computer.  I
>> use
>>  > | LTSP for myself and for the kids, so we're all on the same system
>>  > | (therefore I can't just use mine as the proxy server).
>>  > |
>>  > | I've heard of OpenDNS for DNS-level filtering, but I'm not sure if
>> that
>>  > | will have some loopholes that I hadn't though of...
>>  >
>>  > For starters, a loophole is that someone can just bypass DNS.  It
>>  > wouldn't be convenient, but is still relatively easy to do if your
>> kids
>>  > are so inclined.  They certainly won't fall into that loophole by
>>  > accident, however, so with good parenting, I don't think this would
>> be
>>  > an issue.
>>  >
>>  > | I should have thought ahead more when I got my router.  I put in a
>>  > Linksys
>>  > | WRT54GL running dd-wrt just recently.  I'm happy with it so far,
>> and it
>>  > | will facilitate a transparent proxy, but it doesn't implement one.
>>  > Since
>>  > | I only use it for basic router and firewall tasks, it would be nice
>> to
>>  > | have a content filtering proxy built into it.
>>  > |
>>  > | Anyone here have opinions/advice?  Thanks!
>>  >
>>  > I don't know about your kids, but have you looked into providing
>> either
>>  > a mostly open internet connection (regarding http port 80/443) with
>>  > logging for later review OR a whitelist based approach?  I don't know
>>  > about dd-wrt, but if you were running OpenWRT that should certainly
>> be
>>  > doable (especially with the up to 2GB flash storage you can put in
>> the
>>  > GL).
>>  >
>>  > Also, since you are running on the same system, you CAN use your
>> machine
>>  > as the proxy.  When on the same machine, you can use firewall rules
>> to
>>  > force certain users to use the proxy and allow others open access.
>>  > While still on the same machine, I think this is the best option.
>>  > -----BEGIN PGP SIGNATURE-----
>>  > Version: GnuPG v1.4.7 (GNU/Linux)
>>  > Comment: Using GnuPG with Mandriva - http://enigmail.mozdev.org
>>  >
>>  > iD8DBQFH8a3mUMkt1ZRwL1MRAjDYAJ9+lHH0t+XK+/lT3SCADkxLvok3AgCglh9l
>>  > ql2l5Ej5l4zqketet3lSJhk=
>>  > =mNuB
>>  > -----END PGP SIGNATURE-----
>>  >
>>
>>
>>  -Michael George
>>
>>
>> _______________________________________________
>>  linux-user mailing list
>>  linux-user at egr.msu.edu
>>  http://mailman.egr.msu.edu/mailman/listinfo/linux-user
>>
>


-Michael George

More information about the linux-user mailing list