[Nepal] Dansguardian]

Roshan Karki roshan at olenepal.org
Sun Oct 12 23:59:14 EDT 2008 

Roshan Karki wrote:
> Tony Anderson wrote:
>> Hi, Bernie
>>
>> I am trying to make a usb stick which can be used to install XS on a 
>> server with minimum intervention by the installer.
>>
>> My first attempt is to use livecd-iso-to-disk to load the XS_0_4 image. 
>> I plan to add dansguardian and mysql rpms plus a backup of Moodle to the 
>> usb stick filesystem. I am developing a post-install Bash script which 
>> will run rpm on dansguardian and mysql, copy the moodle directories, 
>> restore the moodle database, and configure the system.
>>
>> The problem with dansguardian at the moment is setting up the iptables 
>> which also involves squid. The scheme should go something like this:
>>
>> (http://www.nyetwork.org/wiki/DansGuardian)
>>
>>      * XO user types in address in browser
>>      * Computer (e.g. 172.18.0.244) creates TCP/IP packet and sends it 
>> to the default gateway (e.g. 172.18.0.1)
>>      * The gateway sees this outgoing request, and sends it to the local 
>> port 127.0.0.1:8081
>>      * DansGuardian is listening on localhost:8081
>>      * DansGuardian filters the URL. If the URL is ok and passes PICS 
>> ratings, it sends the request to localhost:3128 which is Squid
>>      * Squid requests the page from the Internet.
>>
>> [here the request (for an mp3 file) goes to 192.168.5.1, i.e. to 
>> dansguardian at olenepal, and if ok, dansguardian returns the page to 
>> 192.168.5.44 - the server on the WAN (eth0). What is probably happening 
>> is that the access denied page is being returned to the server]
>>
>>      * Squid returns page to DG
>>      * DG filters page for bad words
>>      * DG returns page to browser
>>      * Browser shows the "Denied!" page or the normal web page
>>
>> I am at home so I can't give you the specifics of what I am entering 
>> now. In any case, it works in the sense that the XOs communicate with 
>> the internet. However, the traffic gets intercepted by olenepal's 
>> dansguardian, not the one on the server.
>>
>> Hopefully, Sunday I can set up a restriction on the server's 
>> dansguardian for a page which is ok by the olenepal dansguardian to see 
>> if this is what is happening.
>>
>> Tony
>>
>>
>> -------- Original Message --------
>> Subject: Re: Dansguardian
>> Date: Fri, 10 Oct 2008 12:53:21 +0545
>> From: Bryan Berry <bryan at olenepal.org>
>> Organization: OLE Nepal
>> To: Bernie Innocenti <bernie at codewiz.org>
>> CC: Nepal <Nepal at lists.laptop.org>, Tony Anderson 
>> <tony_anderson at usa.net>,  Prithak Sharma <prithak at olenepal.org>
>> References: <48EE80E1.3020703 at codewiz.org>
>>
>> On Fri, 2008-10-10 at 00:08 +0200, Bernie Innocenti wrote:
>>   
>>> Do you still plan to use Dans Guardian?
>>>     
>>
>> Absolutely, thanks.
>>
>> Bernie, meet Prithak Sharma. He is a super geek who will be working
>> heavily on the XS and networking. Not only is he a linux geek, he is a
>> FreeBSD geek! He will be starting full-time w/ us beginning Oct 19th,
>> and has even started w/ Dansguardian during the current Dashain holiday.
>>
>> He is working w/ our other new volunteer, Tony Anderson aka "Master
>> Yoda" on the XS. Tony is great, he is like you just a few years older ;)
>>
>>
>>   
>>> I made a package for Fedora and I was pushing it through the review 
>>> process back when I was at OLE, but it got stuck due to licensing 
>>> concerns.
>>>
>>> Now the RH legal guy approved the package with a small change:
>>>
>>>    https://bugzilla.redhat.com/show_bug.cgi?id=458643
>>>
>>> If it seems useful for the school server, I might do this remaining 
>>> work to get it in Rawhide and maybe backport it to F10.
>>>
>>>     
> Do you guys know a simple url injection is bypassing the dnsguardian. 
> For case in a point last week I was trying to download few bunch of 
> .msi files for cygwin. As expected it was blocked by dnsguardain. So I 
> chnged the URL to something like www.server.com/file.msi to 
> www.server.com/file.msi?test=123.php and I downloaded bunch of msi files.
dansguardian*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.laptop.org/pipermail/nepal/attachments/20081013/70604388/attachment.htm

More information about the Nepal mailing list