[Server-devel] A quick networking question

rolf rolf at sugarlabs.org
Wed Feb 29 07:47:13 EST 2012


Hello:

On Wed, 29 Feb 2012 07:36:27 -0500, Holt <holt at laptop.org> wrote:
> Thanks Wad you fixed the problem:
> We did not know squid was running on the XS Tony Anderson installed (0.6
> derivative I believe) early autumn 2011.

The XS redirects all traffic coming from the LAN to squid. You can check
out the config at /etc/sysconfig/iptables. This is done for all connections
from the LAN interface if I'm not mistaken (it doesn't filter subnets or
anything).


> Why our XS continues to resolve & offer free/accurate DNS to any random
> laptop that connects over Wifi is disconcerting, if anyone can explain?

The firewall is set up to allow all connections directed to it (iptables
INPUT chain). You got to block other ports when you set up ip_forward to
0, because only port 80 is redirected to squid, the rest is forwarded.

> But at least the critical problem of giving away free web access (to 
> rich visitors, rather than Haitian XO users) is solved for now!

The secure way of filtering is getting the XO's MAC, and configure the DHCP
(to lease a specific IP always) and to allow forwarding and redirecting
ONLY for the MAC with the corresponding IP. This is very fine grained work
though, there could be other methods.

Cheers

--
Rolf
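
The MAC-plus-fixed-IP scheme described in the message above, as an added example that is not part of the original post or of the XS code base: it validates a list of registered laptops and generates the DHCP host entries and the iptables rule lines to merge into the nat and filter sections of /etc/sysconfig/iptables. The interface name `eth1`, squid port 3128, the use of ISC dhcpd syntax and the sample registrations are assumptions.

```python
import ipaddress
import re

LAN_IF = "eth1"    # assumption: name of the LAN-facing interface
SQUID_PORT = 3128  # assumption: squid on its default port

# Constructed sample registrations: (hostname, MAC, fixed IP)
SAMPLE = [
    ("xo-001", "02:00:00:00:00:01", "172.18.96.10"),
    ("xo-002", "02:00:00:00:00:0A", "172.18.96.11"),
]


def validate(entries):
    """Normalise entries and reject malformed or duplicate values, so
    nothing but a hostname, a MAC and an IPv4 address reaches a rule."""
    seen, out = set(), []
    for name, mac, ip in entries:
        mac = mac.lower()
        if not re.fullmatch(r"[a-z0-9-]+", name):
            raise ValueError(f"bad hostname: {name!r}")
        if not re.fullmatch(r"[0-9a-f]{2}(:[0-9a-f]{2}){5}", mac):
            raise ValueError(f"bad MAC: {mac!r}")
        ip = str(ipaddress.IPv4Address(ip))  # raises ValueError if invalid
        if mac in seen or ip in seen:
            raise ValueError(f"duplicate MAC or IP: {mac} {ip}")
        seen.update((mac, ip))
        out.append((name, mac, ip))
    return out


def dhcpd_hosts(entries):
    """ISC dhcpd host blocks that always lease the same IP to each MAC."""
    return [f"host {n} {{ hardware ethernet {m}; fixed-address {i}; }}"
            for n, m, i in validate(entries)]


def iptables_rules(entries):
    """Per-table rule lines: redirect and forward only registered pairs."""
    nat = []
    flt = ["-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"]
    for _, mac, ip in validate(entries):
        pair = f"-i {LAN_IF} -s {ip} -m mac --mac-source {mac}"
        nat.append(f"-A PREROUTING {pair} -p tcp --dport 80 "
                   f"-j REDIRECT --to-ports {SQUID_PORT}")
        flt.append(f"-A FORWARD {pair} -j ACCEPT")
    flt.append(f"-A FORWARD -i {LAN_IF} -j DROP")  # everything else from the LAN
    return {"nat": nat, "filter": flt}
```

These rules cover only the PREROUTING redirect and the FORWARD chain; the INPUT chain mentioned in the message is left as it is.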

