[Nepal] Dansguardian]

Sun Oct 12 23:55:21 EDT 2008

Tony Anderson wrote:
> Hi, Bernie
>
> I am trying to make a usb stick which can be used to install XS on a 
> server with minimum intervention by the installer.
>
> My first attempt is to use livecd-iso-to-disk to load the XS_0_4 image. 
> I plan to add dansguardian and mysql rpms plus a backup of Moodle to the 
> usb stick filesystem. I am developing a post-install Bash script which 
> will run rpm on dansguardian and mysql, copy the moodle directories, 
> restore the moodle database, and configure the system.
>
> The problem with dansguardian at the moment is setting up the iptables 
> which also involves squid. The scheme should go something like this:
>
> (http://www.nyetwork.org/wiki/DansGuardian)
>
>      * XO user types in address in browser
>      * Computer (e.g. 172.18.0.244) creates TCP/IP packet and sends it 
> to the default gateway (e.g. 172.18.0.1)
>      * The gateway sees this outgoing request, and sends it to the local 
> port 127.0.0.1:8081
>      * DansGuardian is listening on localhost:8081
>      * DansGuardian filters the URL. If the URL is ok and passes PICS 
> ratings, it sends the request to localhost:3128 which is Squid
>      * Squid requests the page from the Internet.
>
> [here the request (for an mp3 file) goes to 192.168.5.1, i.e. to 
> dansguardian at olenepal, and if ok, dansguardian returns the page to 
> 192.168.5.44 - the server on the WAN (eth0). What is probably happening 
> is that the access denied page is being returned to the server]
>
>      * Squid returns page to DG
>      * DG filters page for bad words
>      * DG returns page to browser
>      * Browser shows the "Denied!" page or the normal web page
>
> I am at home so I can't give you the specifics of what I am entering 
> now. In any case, it works in the sense that the XOs communicate with 
> the internet. However, the traffic gets intercepted by olenepal's 
> dansguardian, not the one on the server.
>
> Hopefully, Sunday I can set up a restriction on the server's 
> dansguardian for a page which is ok by the olenepal dansguardian to see 
> if this is what is happening.
>
> Tony
>
>
> -------- Original Message --------
> Subject: Re: Dansguardian
> Date: Fri, 10 Oct 2008 12:53:21 +0545
> From: Bryan Berry <bryan at olenepal.org>
> Organization: OLE Nepal
> To: Bernie Innocenti <bernie at codewiz.org>
> CC: Nepal <Nepal at lists.laptop.org>, Tony Anderson 
> <tony_anderson at usa.net>,  Prithak Sharma <prithak at olenepal.org>
> References: <48EE80E1.3020703 at codewiz.org>
>
> On Fri, 2008-10-10 at 00:08 +0200, Bernie Innocenti wrote:
>   
>> Do you still plan to use Dans Guardian?
>>     
>
> Absolutely, thanks.
>
> Bernie, meet Prithak Sharma. He is a super geek who will be working
> heavily on the XS and networking. Not only is he a linux geek, he is a
> FreeBSD geek! He will be starting full-time w/ us beginning Oct 19th,
> and has even started w/ Dansguardian during the current Dashain holiday.
>
> He is working w/ our other new volunteer, Tony Anderson aka "Master
> Yoda" on the XS. Tony is great, he is like you just a few years older ;)
>
>
>   
>> I made a package for Fedora and I was pushing it through the review 
>> process back when I was at OLE, but it got stuck due to licensing 
>> concerns.
>>
>> Now the RH legal guy approved the package with a small change:
>>
>>    https://bugzilla.redhat.com/show_bug.cgi?id=458643
>>
>> If it seems useful for the school server, I might do this remaining 
>> work to get it in Rawhide and maybe backport it to F10.
>>
>>     
Do you guys know a simple url injection is bypassing the dnsguardian. 
For case in a point last week I was trying to download few bunch of .msi 
files for cygwin. As expected it was blocked by dnsguardain. So I chnged 
the URL to something like www.server.com/file.msi to 
www.server.com/file.msi?test=123.php and I downloaded bunch of msi files.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.laptop.org/pipermail/nepal/attachments/20081013/07370ec5/attachment.htm