[Server-devel] Nepal Server Open Issues

Greg Smith (gregmsmi) gregmsmi at cisco.com
Tue Feb 12 15:06:06 EST 2008

Hi Sulochan,
Good info, thanks! 
Adding the server list back in for more comment.

One key questions: Will you have one DSL line or two going in to the
On your network diagram http://blog.olenepal.org/index.php/archives/138
a few comments:

1 - It looks all wireless in the school. It may be better to add a hub
and cables between wireless AP, XS and Squid. I think that's the
recommended design. Just get a good hub and have a back up. I hate it
when the cheapest box in the design fails and brings the whole network
down! Could be you don't want to pull cables in the school and that's a
reason to go wireless.
Regardless, if you have a wireless AP in addition to active antennas,
you need to make sure that the XOs ONLY associate to the active
antennas. Martin recommended turning on WEP in the wireless AP so XOs
can't connect without a key. If XS fails then you can turn off WEP and
XOs will associate with the wireless AP (after clicking on icon) and
have access out again. One downside is no filtering (blocking sites) in
that case.
A few things to test ASAP on that front. Can an XS connect to wireless
AP and Internet using WEP? Which wireless NIC will it use (active
antenna or one on a USB port)? Same for the squid box.
2 - The squid on its own box helps but you need to work out the network
between it and the XS. The main point is to ensure all traffic goes in
this order:
XO <-> XS/default gateway <-> Squid <-> Internet 

If you have a router you could turn on WCCP and that solves the problem.

For example:
but now your network is more complicated. WCCP is also not foolproof for
blocking bad sites.

Another choice is to add a proxy config in the XO browser and point that
to the Squid IP. See:
http://wiki.squid-cache.org/SquidFaq/ConfiguringBrowsers not sure if XO
browser can do that.

Last option is to use IP tables config on XS. Essentially the same
config as available now with Squid IP in place of XS IP listening on
port 3128
html This is probably the  simplest but I'm not very familiar with it so
could use more comment...

Too many choices :-) HTHs.

BTW I think we can segment the Mesh and tie Xos to a specific XS. Found
this link: http://wiki.laptop.org/go/Mesh_Network_Details  but still
need to research and spell out config example.


Greg S


From: sulochan acharya [mailto:sulochan at gmail.com] 
Sent: Tuesday, February 12, 2008 1:14 PM
To: Greg Smith (gregmsmi)
Subject: Re: [Server-devel] Nepal Server Open Issues

Hi Greg,

	Here's what I see for phase 1:
	- XS build 150 (unless Wad or someone else comes up with a must
	reason and stable build in time)
	- No SSO (also means no Moodle tracking by student, grade or
	- 2 x XS servers
	- No automated XO backup on XS

>> That sounds good :) 

	Let me know if you agree and we can revisit all in phase 2 with
a newer
	XS build.
	Still open questions on phase 1:
	1 - Network design.
	I think we need this based on Wads comment it's the only one
	for >150 Xos:
	(ISP)-------------(hub)---------eth0 [XS] eth1 ------------

	XO ]

>>I agree this is a good network structure.
Please take a look at  my blog post:
Let me know what you guys think.

More information about the Server-devel mailing list