[Nepal] Dansguardian]
Roshan Karki
roshan at olenepal.org
Sun Oct 12 23:59:14 EDT 2008
Roshan Karki wrote:
> Tony Anderson wrote:
>> Hi, Bernie
>>
>> I am trying to make a usb stick which can be used to install XS on a
>> server with minimum intervention by the installer.
>>
>> My first attempt is to use livecd-iso-to-disk to load the XS_0_4 image.
>> I plan to add dansguardian and mysql rpms plus a backup of Moodle to the
>> usb stick filesystem. I am developing a post-install Bash script which
>> will run rpm on dansguardian and mysql, copy the moodle directories,
>> restore the moodle database, and configure the system.
>>
>> The problem with dansguardian at the moment is setting up the iptables
>> which also involves squid. The scheme should go something like this:
>>
>> (http://www.nyetwork.org/wiki/DansGuardian)
>>
>> * XO user types in address in browser
>> * Computer (e.g. 172.18.0.244) creates TCP/IP packet and sends it
>> to the default gateway (e.g. 172.18.0.1)
>> * The gateway sees this outgoing request, and sends it to the local
>> port 127.0.0.1:8081
>> * DansGuardian is listening on localhost:8081
>> * DansGuardian filters the URL. If the URL is ok and passes PICS
>> ratings, it sends the request to localhost:3128 which is Squid
>> * Squid requests the page from the Internet.
>>
>> [here the request (for an mp3 file) goes to 192.168.5.1, i.e. to
>> dansguardian at olenepal, and if ok, dansguardian returns the page to
>> 192.168.5.44 - the server on the WAN (eth0). What is probably happening
>> is that the access denied page is being returned to the server]
>>
>> * Squid returns page to DG
>> * DG filters page for bad words
>> * DG returns page to browser
>> * Browser shows the "Denied!" page or the normal web page
>>
>> I am at home so I can't give you the specifics of what I am entering
>> now. In any case, it works in the sense that the XOs communicate with
>> the internet. However, the traffic gets intercepted by olenepal's
>> dansguardian, not the one on the server.
>>
>> Hopefully, Sunday I can set up a restriction on the server's
>> dansguardian for a page which is ok by the olenepal dansguardian to see
>> if this is what is happening.
>>
>> Tony
>>
>>
>> -------- Original Message --------
>> Subject: Re: Dansguardian
>> Date: Fri, 10 Oct 2008 12:53:21 +0545
>> From: Bryan Berry <bryan at olenepal.org>
>> Organization: OLE Nepal
>> To: Bernie Innocenti <bernie at codewiz.org>
>> CC: Nepal <Nepal at lists.laptop.org>, Tony Anderson
>> <tony_anderson at usa.net>, Prithak Sharma <prithak at olenepal.org>
>> References: <48EE80E1.3020703 at codewiz.org>
>>
>> On Fri, 2008-10-10 at 00:08 +0200, Bernie Innocenti wrote:
>>
>>> Do you still plan to use Dans Guardian?
>>>
>>
>> Absolutely, thanks.
>>
>> Bernie, meet Prithak Sharma. He is a super geek who will be working
>> heavily on the XS and networking. Not only is he a linux geek, he is a
>> FreeBSD geek! He will be starting full-time w/ us beginning Oct 19th,
>> and has even started w/ Dansguardian during the current Dashain holiday.
>>
>> He is working w/ our other new volunteer, Tony Anderson aka "Master
>> Yoda" on the XS. Tony is great, he is like you just a few years older ;)
>>
>>
>>
>>> I made a package for Fedora and I was pushing it through the review
>>> process back when I was at OLE, but it got stuck due to licensing
>>> concerns.
>>>
>>> Now the RH legal guy approved the package with a small change:
>>>
>>> https://bugzilla.redhat.com/show_bug.cgi?id=458643
>>>
>>> If it seems useful for the school server, I might do this remaining
>>> work to get it in Rawhide and maybe backport it to F10.
>>>
>>>
> Do you guys know a simple url injection is bypassing the dnsguardian.
> For case in a point last week I was trying to download few bunch of
> .msi files for cygwin. As expected it was blocked by dnsguardain. So I
> chnged the URL to something like www.server.com/file.msi to
> www.server.com/file.msi?test=123.php and I downloaded bunch of msi files.
dansguardian*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.laptop.org/pipermail/nepal/attachments/20081013/70604388/attachment.htm
More information about the Nepal
mailing list