[GLLUG] content filtering
Richard Houser
rick at divinesymphony.net
Thu Apr 3 03:19:55 EDT 2008
You could also make the system bind two IP addresses and make a local
firewall rule that sends all your user traffic out the other IP. Of
course, that kinda rules out certain closed source bugg^H^H^H^H excuses
for operating systems.
Karl Schuttler wrote:
> I don't know if this gets logged, but you might be able to change the
> banner of the browser for their firefox profiles, so that it says
> their name, and then log that. Just a thought; I'm not sure how it all
> works.
>
> On Tue, Apr 1, 2008 at 2:01 PM, Michael George <george at idealso.com> wrote:
>> It's a multi-user system. There could be multiple users at any given
>> time. Don't get me wrong, I think the logging is a good idea, but it's
>> not perfect. However, when trying to monitor web usage, there is no
>> "perfect".
>>
>>
>>
>> On Tue, April 1, 2008 1:50 pm, Karl Schuttler wrote:
>> > Cross reference with who was logged on at that time?
>> >
>> > On Tue, Apr 1, 2008 at 1:46 PM, Michael George <george at idealso.com> wrote:
>> >>
>> >> On Tue, April 1, 2008 1:36 pm, Karl Schuttler wrote:
>> >> > If you need somewhere to store logs and stuff like that, be aware that
>> >> > you can samba mount stuff with ddwrt and openwrt, so you could just
>> >> > have it automount the samba partition and store stuff there.
>> >>
>> >> True. And for that matter, I can tell it to ship the logs off to a syslog
>> >> server. As long as it will log with the detail I'd need. The downside is
>> >> that the router (probably) won't know who the user is that is sending the
>> >> requests.
>> >>
>> >>
>> >>
>> >> > On Tue, Apr 1, 2008 at 8:34 AM, Michael George <george at idealso.com> wrote:
>> >> >> I'll look at the openwrt site and see what I can find for modules. I
>> >> >> understand that dd-wrt is based on it and can use its modules, but they
>> >> >> will have to be hand-configured.
>> >> >>
>> >> >> Do you know of any "recipes" for setting up firewall rules on a server to
>> >> >> run transparent/forced proxy? I'm hoping for a solution that doesn't
>> >> >> require me to dig knee-deep into learning firewall rules...
>> >> >>
>> >> >> I'm also quite happy with a multi-layered approach. I can use OpenDNS,
>> >> >> and dansguardian, and the log files. Putting the system in a public place
>> >> >> is probably one of the best moves, but there are some physical
>> >> >> complexities going in that direction...
>> >> >>
>> >> >> Hmm, I bet I can get a boot CD that will fire up the system and do the
>> >> >> same things that LTSP does over wireless... I'll have to look into that
>> >> >> option. Then I can put the system in more places in the house without
>> >> >> stringing more ethernet cables...
>> >> >>
>> >> >>
>> >> >>
>> >> >> On Mon, March 31, 2008 11:37 pm, Richard Houser wrote:
>> >> >> >
>> >> >> > Michael George wrote:
>> >> >> > | It's time I get more serious about content filtering at home, now that my
>> >> >> > | kids are able to get online.
>> >> >> > |
>> >> >> > | I know there is the dansguardian/squid proxy filter, but I don't want to
>> >> >> > | jump immediately to an approach that requires another computer. I use
>> >> >> > | LTSP for myself and for the kids, so we're all on the same system
>> >> >> > | (therefore I can't just use mine as the proxy server).
>> >> >> > |
>> >> >> > | I've heard of OpenDNS for DNS-level filtering, but I'm not sure if that
>> >> >> > | will have some loopholes that I hadn't thought of...
>> >> >> >
>> >> >> > For starters, a loophole is that someone can just bypass DNS. It
>> >> >> > wouldn't be convenient, but is still relatively easy to do if your kids
>> >> >> > are so inclined. They certainly won't fall into that loophole by
>> >> >> > accident, however, so with good parenting, I don't think this would be
>> >> >> > an issue.
>> >> >> >
>> >> >> > | I should have thought ahead more when I got my router. I put in a Linksys
>> >> >> > | WRT54GL running dd-wrt just recently. I'm happy with it so far, and it
>> >> >> > | will facilitate a transparent proxy, but it doesn't implement one. Since
>> >> >> > | I only use it for basic router and firewall tasks, it would be nice to
>> >> >> > | have a content filtering proxy built into it.
>> >> >> > |
>> >> >> > | Anyone here have opinions/advice? Thanks!
>> >> >> >
>> >> >> > I don't know about your kids, but have you looked into providing either
>> >> >> > a mostly open internet connection (regarding http port 80/443) with
>> >> >> > logging for later review OR a whitelist based approach? I don't know
>> >> >> > about dd-wrt, but if you were running OpenWRT that should certainly be
>> >> >> > doable (especially with the up to 2GB flash storage you can put in the
>> >> >> > GL).
>> >> >> >
>> >> >> > Also, since you are running on the same system, you CAN use your machine
>> >> >> > as the proxy. When on the same machine, you can use firewall rules to
>> >> >> > force certain users to use the proxy and allow others open access.
>> >> >> > While still on the same machine, I think this is the best option.
>> >> >> >
>> >> >>
>> >> >>
>> >> >> -Michael George
>> >> >>
>> >> >>
>> >> >> _______________________________________________
>> >> >> linux-user mailing list
>> >> >> linux-user at egr.msu.edu
>> >> >> http://mailman.egr.msu.edu/mailman/listinfo/linux-user
>> >> >>
>> >> >
>> >>
>> >>
>> >> -Michael George
>> >>
>> >
>>
>>
>> -Michael George
>>
> _______________________________________________
> linux-user mailing list
> linux-user at egr.msu.edu
> http://mailman.egr.msu.edu/mailman/listinfo/linux-user
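
Added example, not part of the original thread: a sketch of the per-user firewall rules described above for forcing certain local users through a proxy on the same machine, using the iptables owner match. The script only prints the rules for review; PROXY_PORT, PROXY_UID and any UIDs passed in are assumed values, and rejecting port 443 for filtered users is an assumed policy choice, made because a plain HTTP filtering proxy cannot inspect that traffic.

```shell
#!/bin/sh
# Added example: emit (not apply) iptables rules that force selected local
# users through a filtering proxy running on the same host.

PROXY_PORT=8080   # assumed: port the filtering proxy listens on
PROXY_UID=13      # assumed: numeric UID the proxy daemon runs as

# Resolve a user name or numeric UID to a numeric UID; fail if unknown.
resolve_uid() {
    case "$1" in
        ''|*[!0-9]*) id -u "$1" 2>/dev/null ;;
        *) printf '%s\n' "$1" ;;
    esac
}

# Print the rules for every user given as an argument.
# Returns 1 and prints nothing if a user is unknown or is the proxy's own
# account (redirecting the proxy's traffic back to itself would loop).
gen_rules() {
    out=''
    for user in "$@"; do
        uid=$(resolve_uid "$user") || return 1
        [ -n "$uid" ] || return 1
        [ "$uid" -ne "$PROXY_UID" ] || return 1
        # HTTP from this user is redirected to the local proxy port;
        # HTTPS is rejected because the proxy cannot filter it.
        out="$out
iptables -t nat -A OUTPUT -p tcp --dport 80 -m owner --uid-owner $uid -j REDIRECT --to-ports $PROXY_PORT
iptables -A OUTPUT -p tcp --dport 443 -m owner --uid-owner $uid -j REJECT --reject-with tcp-reset"
    done
    # Drop the leading newline accumulated by the loop.
    printf '%s\n' "${out#?}"
}
```

The owner match is only valid for locally generated packets (the OUTPUT and POSTROUTING chains), so this works for users logged in on the proxy host itself, as with LTSP, and not for traffic forwarded from other machines. Users not listed keep open access.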