<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Roshan Karki wrote:
<blockquote cite="mid:48F2C6A9.700@olenepal.org" type="cite">
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
<title></title>
Tony Anderson wrote:
<blockquote cite="mid:48EF0AE5.2000609@usa.net" type="cite">
<pre wrap="">Hi, Bernie
I am trying to make a usb stick which can be used to install XS on a
server with minimum intervention by the installer.
My first attempt is to use livecd-iso-to-disk to load the XS_0_4 image.
I plan to add dansguardian and mysql rpms plus a backup of Moodle to the
usb stick filesystem. I am developing a post-install Bash script which
will run rpm on dansguardian and mysql, copy the moodle directories,
restore the moodle database, and configure the system.
The problem with dansguardian at the moment is setting up the iptables
which also involves squid. The scheme should go something like this:
(<a moz-do-not-send="true" class="moz-txt-link-freetext"
href="http://www.nyetwork.org/wiki/DansGuardian">http://www.nyetwork.org/wiki/DansGuardian</a>)
* XO user types in address in browser
* Computer (e.g. 172.18.0.244) creates TCP/IP packet and sends it
to the default gateway (e.g. 172.18.0.1)
* The gateway sees this outgoing request, and sends it to the local
port 127.0.0.1:8081
* DansGuardian is listening on localhost:8081
* DansGuardian filters the URL. If the URL is ok and passes PICS
ratings, it sends the request to localhost:3128 which is Squid
* Squid requests the page from the Internet.
[here the request (for an mp3 file) goes to 192.168.5.1, i.e. to
dansguardian at olenepal, and if ok, dansguardian returns the page to
192.168.5.44 - the server on the WAN (eth0). What is probably happening
is that the access denied page is being returned to the server]
* Squid returns page to DG
* DG filters page for bad words
* DG returns page to browser
* Browser shows the "Denied!" page or the normal web page
I am at home so I can't give you the specifics of what I am entering
now. In any case, it works in the sense that the XOs communicate with
the internet. However, the traffic gets intercepted by olenepal's
dansguardian, not the one on the server.
Hopefully, Sunday I can set up a restriction on the server's
dansguardian for a page which is ok by the olenepal dansguardian to see
if this is what is happening.
Tony
-------- Original Message --------
Subject: Re: Dansguardian
Date: Fri, 10 Oct 2008 12:53:21 +0545
From: Bryan Berry <a moz-do-not-send="true"
class="moz-txt-link-rfc2396E" href="mailto:bryan@olenepal.org"><bryan@olenepal.org></a>
Organization: OLE Nepal
To: Bernie Innocenti <a moz-do-not-send="true"
class="moz-txt-link-rfc2396E" href="mailto:bernie@codewiz.org"><bernie@codewiz.org></a>
CC: Nepal <a moz-do-not-send="true" class="moz-txt-link-rfc2396E"
href="mailto:Nepal@lists.laptop.org"><Nepal@lists.laptop.org></a>, Tony Anderson
<a moz-do-not-send="true" class="moz-txt-link-rfc2396E"
href="mailto:tony_anderson@usa.net"><tony_anderson@usa.net></a>, Prithak Sharma <a
moz-do-not-send="true" class="moz-txt-link-rfc2396E"
href="mailto:prithak@olenepal.org"><prithak@olenepal.org></a>
References: <a moz-do-not-send="true" class="moz-txt-link-rfc2396E"
href="mailto:48EE80E1.3020703@codewiz.org"><48EE80E1.3020703@codewiz.org></a>
On Fri, 2008-10-10 at 00:08 +0200, Bernie Innocenti wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Do you still plan to use Dans Guardian?
</pre>
</blockquote>
<pre wrap=""><!---->
Absolutely, thanks.
Bernie, meet Prithak Sharma. He is a super geek who will be working
heavily on the XS and networking. Not only is he a linux geek, he is a
FreeBSD geek! He will be starting full-time w/ us beginning Oct 19th,
and has even started w/ Dansguardian during the current Dashain holiday.
He is working w/ our other new volunteer, Tony Anderson aka "Master
Yoda" on the XS. Tony is great, he is like you just a few years older ;)
</pre>
<blockquote type="cite">
<pre wrap="">I made a package for Fedora and I was pushing it through the review
process back when I was at OLE, but it got stuck due to licensing
concerns.
Now the RH legal guy approved the package with a small change:
<a moz-do-not-send="true" class="moz-txt-link-freetext"
href="https://bugzilla.redhat.com/show_bug.cgi?id=458643">https://bugzilla.redhat.com/show_bug.cgi?id=458643</a>
If it seems useful for the school server, I might do this remaining
work to get it in Rawhide and maybe backport it to F10.
</pre>
</blockquote>
</blockquote>
Do you guys know a simple url injection is bypassing the dnsguardian.
For case in a point last week I was trying to download few bunch of
.msi files for cygwin. As expected it was blocked by dnsguardain. So I
chnged the URL to something like <a moz-do-not-send="true"
class="moz-txt-link-abbreviated" href="http://www.server.com/file.msi">www.server.com/file.msi</a>
to
<a moz-do-not-send="true" class="moz-txt-link-abbreviated"
href="http://www.server.com/file.msi?test=123.php">www.server.com/file.msi?test=123.php</a>
and I downloaded bunch of msi
files.<br>
</blockquote>
dansguardian*<br>
</body>
</html>