Re: [Server-devel] Transparent proxy
Thanks. It is working El 2 de diciembre de 2009 05:41, Martin Langhoff martin.langh...@gmail.comescribió: 2009/12/1 Henry Vélez Molina henry.lap...@gmail.com: make: Nothing to be done for `squid/squid-xs.conf'. Sorry - I missed the obvious: make -f xs-config.make squid/squid-xs.conf cheers, m -- martin.langh...@gmail.com mar...@laptop.org -- School Server Architect - ask interesting questions - don't get distracted with shiny stuff - working code first - http://wiki.laptop.org/go/User:Martinlanghoff -- Henry Vélez Molina Administrador de red OLPC Fundación MArina Orth Tel :341 23 59 Móvil: 312 769 0169 www.fundacionmarinaorth.org ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] Transparent proxy
2009/12/1 Henry Vélez Molina henry.lap...@gmail.com: make: Nothing to be done for `squid/squid-xs.conf'. Sorry - I missed the obvious: make -f xs-config.make squid/squid-xs.conf cheers, m -- martin.langh...@gmail.com mar...@laptop.org -- School Server Architect - ask interesting questions - don't get distracted with shiny stuff - working code first - http://wiki.laptop.org/go/User:Martinlanghoff ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] Transparent proxy
it does not work *make: Nothing to be done for `squid/squid-xs.conf'.* thanks El 1 de diciembre de 2009 04:01, Martin Langhoff martin.langh...@gmail.comescribió: 2009/11/30 Henry Vélez Molina henry.lap...@gmail.com: Whe I made make -f xs-config.make squid-xs.conf this was the message Try: cd /etc make squid/squid-xs.conf cheers, m -- martin.langh...@gmail.com mar...@laptop.org -- School Server Architect - ask interesting questions - don't get distracted with shiny stuff - working code first - http://wiki.laptop.org/go/User:Martinlanghoff -- Henry Vélez Molina Administrador de red OLPC Fundación MArina Orth Tel :341 23 59 Móvil: 312 769 0169 www.fundacionmarinaorth.org ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] Transparent proxy
2009/11/28 Henry Vélez Molina henry.lap...@gmail.com: We want to prevent strangers in our network. Ok. Then we need something else I think. The proxy stuff won't help there. Short term options: A - Use WPA with PSK. You can add the password by hand on each XO, or add (again by hand) a networks.cfg file that contains the password. B - Whitelist the prefix of the MAC addresses of the XOs. They all start with the same prefix. Can even do it from the XS firewalling rules (rather than the AP). Mid-term options C - Teach idmgr and Moodle to capture the MAC address for whitelisting + a script that adds the MAC address to a firewall whitelist. cheers, m -- martin.langh...@gmail.com mar...@laptop.org -- School Server Architect - ask interesting questions - don't get distracted with shiny stuff - working code first - http://wiki.laptop.org/go/User:Martinlanghoff ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] Transparent proxy
On Sat, 2009-11-28 at 10:11 +0100, Martin Langhoff wrote: 2009/11/27 Henry Vélez Molina henry.lap...@gmail.com: We are working with the XS-0.6 version and for the moment all is working well. We want to disable the transparent proxy, for security, and put it as an intermediary proxy in a different port. That sounds like you want to use something like dansguardian. Jerry's instructions are right. However, the XOs will need to be config'd to use it. The easiest would be to have your new proxy listen on 3128 on the lan and have squid listen on lo only. If you have the iptables rule in place, for transparent proxy, what config would you have to change? A while ago Pia Waugh figured out how to serve the proxy config via DHCP and to make the XOs obey it (you'll have to google for it as I don't have a link, when you find it... maybe add it to the techiques page?) In any case, what is the security issue you're concerned with? cheers, m Jerry ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: [Server-devel] Transparent proxy
On Sat, 2009-11-28 at 10:11 +0100, Martin Langhoff wrote: 2009/11/27 Henry Vélez Molina henry.lap...@gmail.com: We are working with the XS-0.6 version and for the moment all is working well. We want to disable the transparent proxy, for security, and put it as an intermediary proxy in a different port. That sounds like you want to use something like dansguardian. The easiest would be to have your new proxy listen on 3128 on the lan and have squid listen on lo only. Jerry's instructions are right. However, the XOs will need to be config'd to use it. If you have the iptables rule in place, for transparent proxy, what config would you have to change? A while ago Pia Waugh figured out how to serve the proxy config via DHCP and to make the XOs obey it (you'll have to google for it as I don't have a link, when you find it... maybe add it to the techiques page?) In any case, what is the security issue you're concerned with? cheers, m Jerry ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: [Server-devel] Transparent proxy
2009/11/27 Henry Vélez Molina henry.lap...@gmail.com: We are working with the XS-0.6 version and for the moment all is working well. We want to disable the transparent proxy, for security, and put it as an intermediary proxy in a different port. Jerry's instructions are right. However, the XOs will need to be config'd to use it. A while ago Pia Waugh figured out how to serve the proxy config via DHCP and to make the XOs obey it (you'll have to google for it as I don't have a link, when you find it... maybe add it to the techiques page?) In any case, what is the security issue you're concerned with? cheers, m -- martin.langh...@gmail.com mar...@laptop.org -- School Server Architect - ask interesting questions - don't get distracted with shiny stuff - working code first - http://wiki.laptop.org/go/User:Martinlanghoff ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] Transparent proxy
On Sat, 2009-11-28 at 10:11 +0100, Martin Langhoff wrote: 2009/11/27 Henry Vélez Molina henry.lap...@gmail.com: We are working with the XS-0.6 version and for the moment all is working well. We want to disable the transparent proxy, for security, and put it as an intermediary proxy in a different port. That sounds like you want to use something like dansguardian. The easiest would be to have your new proxy listen on 3128 on the lan and have squid listen on lo only. Jerry's instructions are right. However, the XOs will need to be config'd to use it. If you have the iptables rule in place, for transparent proxy, what config would you have to change? A while ago Pia Waugh figured out how to serve the proxy config via DHCP and to make the XOs obey it (you'll have to google for it as I don't have a link, when you find it... maybe add it to the techiques page?) In any case, what is the security issue you're concerned with? cheers, m Jerry ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] Transparent proxy
On Fri, 2009-11-27 at 12:10 -0500, Henry Vélez Molina wrote: Hi everyone. We are working with the XS-0.6 version and for the moment all is working well. We want to disable the transparent proxy, for security, and put it as an intermediary proxy in a different port. Thankyou for your help. edit /etc/squid/squid-xs.conf.in, after editing, do: cd /etc make -f xs-config.make squid-xs.conf Jerry ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel