[GLLUG] content filtering
Karl Schuttler
rexykik at gmail.com
Tue Apr 1 13:50:53 EDT 2008
Cross reference with who was logged on at that time?
On Tue, Apr 1, 2008 at 1:46 PM, Michael George <george at idealso.com> wrote:
>
> On Tue, April 1, 2008 1:36 pm, Karl Schuttler wrote:
> > If you need somewhere to store logs and stuff like that, be aware that
> > you can samba mount stuff with ddwrt and openwrt, so you could just
> > have it automount the samba partition and store stuff there.
>
> True. And for that matter, I can tell it to ship the logs off to a syslog
> server. As long as it will log with the detail I'd need. The downside is
> that the router (probably) won't know who the user is that is sending the
> requests.
>
>
>
> > On Tue, Apr 1, 2008 at 8:34 AM, Michael George <george at idealso.com> wrote:
> >> I'll look at the openwrt site and see what I can find for modules. I
> >> understand that dd-wrt is based on it and can use its modules, but they
> >> will have to be hand-configured.
> >>
> >> Do you know of any "recipies" for setting up firewall rules on a server
> >> to
> >> run transparent/forced proxy? I'm hoping for a solution that doesn't
> >> require me to dig knee-deep into learning firewall rules...
> >>
> >> I'm also quite happy with a multi-layered approach. I can use OpenDNS,
> >> and dansguardian, and the log files. Putting the system in a public
> >> place
> >> is probably one of the best moves, but there are some physical
> >> complexities going in that direction...
> >>
> >> Hmm, I bet I can get a boot CD that will fire up the system and do the
> >> same things that LTSP does over wireless... I'll have to look into
> >> that
> >> option. Then I can put the system in more places in the house without
> >> stringing more ethernet cables...
> >>
> >>
> >>
> >> On Mon, March 31, 2008 11:37 pm, Richard Houser wrote:
> >> > -----BEGIN PGP SIGNED MESSAGE-----
> >> > Hash: SHA1
> >> >
> >> > Michael George wrote:
> >> > | It's time I get more serious about content filtering at home, now
> >> that
> >> > my
> >> > | kids are able to get online.
> >> > |
> >> > | I know there is the dansguardian/squid proxy filter, but I don't
> >> want to
> >> > | jump immediately to an approach that requires another computer. I
> >> use
> >> > | LTSP for myself and for the kids, so we're all on the same system
> >> > | (therefore I can't just use mine as the proxy server).
> >> > |
> >> > | I've heard of OpenDNS for DNS-level filtering, but I'm not sure if
> >> that
> >> > | will have some loopholes that I hadn't though of...
> >> >
> >> > For starters, a loophole is that someone can just bypass DNS. It
> >> > wouldn't be convenient, but is still relatively easy to do if your
> >> kids
> >> > are so inclined. They certainly won't fall into that loophole by
> >> > accident, however, so with good parenting, I don't think this would
> >> be
> >> > an issue.
> >> >
> >> > | I should have thought ahead more when I got my router. I put in a
> >> > Linksys
> >> > | WRT54GL running dd-wrt just recently. I'm happy with it so far,
> >> and it
> >> > | will facilitate a transparent proxy, but it doesn't implement one.
> >> > Since
> >> > | I only use it for basic router and firewall tasks, it would be nice
> >> to
> >> > | have a content filtering proxy built into it.
> >> > |
> >> > | Anyone here have opinions/advice? Thanks!
> >> >
> >> > I don't know about your kids, but have you looked into providing
> >> either
> >> > a mostly open internet connection (regarding http port 80/443) with
> >> > logging for later review OR a whitelist based approach? I don't know
> >> > about dd-wrt, but if you were running OpenWRT that should certainly
> >> be
> >> > doable (especially with the up to 2GB flash storage you can put in
> >> the
> >> > GL).
> >> >
> >> > Also, since you are running on the same system, you CAN use your
> >> machine
> >> > as the proxy. When on the same machine, you can use firewall rules
> >> to
> >> > force certain users to use the proxy and allow others open access.
> >> > While still on the same machine, I think this is the best option.
> >> > -----BEGIN PGP SIGNATURE-----
> >> > Version: GnuPG v1.4.7 (GNU/Linux)
> >> > Comment: Using GnuPG with Mandriva - http://enigmail.mozdev.org
> >> >
> >> > iD8DBQFH8a3mUMkt1ZRwL1MRAjDYAJ9+lHH0t+XK+/lT3SCADkxLvok3AgCglh9l
> >> > ql2l5Ej5l4zqketet3lSJhk=
> >> > =mNuB
> >> > -----END PGP SIGNATURE-----
> >> >
> >>
> >>
> >> -Michael George
> >>
> >>
> >> _______________________________________________
> >> linux-user mailing list
> >> linux-user at egr.msu.edu
> >> http://mailman.egr.msu.edu/mailman/listinfo/linux-user
> >>
> >
>
>
> -Michael George
>
More information about the linux-user
mailing list