Re: [Server-devel] Filtering and authentication
On Sun, Apr 26, 2009 at 10:51 AM, Reuben K. Caron wrote: > > A free and simple solution, while not bullet proof (no content filter is > that I am aware), is Open DNS. They are even CIPA compliant in the US: > http://www.opendns.com/solutions/k12/ > That's what I set up for our pilot school, which was very easy as the XS's DSL connection has a static IP. OpenDNS provides different filtering options, which you can customize as necessary. Being in the US, CIPA compliance is absolutely vital to retain certain federal funding, and OpenDNS was the quickest and easiest way to accomplish that. Dansguardian can be CIPA compliant, but there are other steps involved and I was wary of unintentionally running afoul of the rules. http://dansguardian.org/?page=faq#15 Not to mention Dansguardian consumes server resources. OpenDNS doesn't use any server resources and you can easily configure the filtering to be CIPA compliant. http://www.opendns.com/solutions/k12/cipa/ As far as limiting the internet connection to authorized XOs, that's an issue we're probably going to run into at some point once we broaden the XS deployment. So far at the pilot school, the staff members connect to the internet with their personal laptops and iPhones, but I haven't really heard any complaints of abuse yet. If your deployment is relatively small, it should be easy enough to add the hardware addresses of the trusted XOs to dhcpd.conf and disallow unknown machines (or play pranks on them as suggested at http://www.ex-parrot.com/~pete/upside-down-ternet.html). Anna Schoolfield Birmingham ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] Filtering and authentication
Martin Langhoff wrote: On Sat, Apr 25, 2009 at 11:15 PM, david wrote: maybe the connection with the public Internet can be pointed to an online proxy service so the filtering is done online That is my strong recommendation. There is little benefit in having the filtering happening locally, and lots of downsides. Search the list archive for 'dansguardian' or 'squidgard' for earlier discussions on this topic. A free and simple solution, while not bullet proof (no content filter is that I am aware), is Open DNS. They are even CIPA compliant in the US: http://www.opendns.com/solutions/k12/ ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] Filtering and authentication
On Sat, Apr 25, 2009 at 11:15 PM, david wrote: > maybe the connection with the public Internet can be pointed to an online > proxy service so the filtering is done online That is my strong recommendation. There is little benefit in having the filtering happening locally, and lots of downsides. Search the list archive for 'dansguardian' or 'squidgard' for earlier discussions on this topic. > Secondly, can we add password authentication to XOs logging on to the XS? The > issue is again unauthorised access to the Internet through the XS. Automagic authentication (no password required, the XO magically authenticates against the XS) is coming soon in 0.6. It won't prevent access to the internet, but there are some hopes that I'll be able to work on that after 0.6. cheers, m -- martin.langh...@gmail.com mar...@laptop.org -- School Server Architect - ask interesting questions - don't get distracted with shiny stuff - working code first - http://wiki.laptop.org/go/User:Martinlanghoff ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] Eth 1 swap issue 0.5
Hi David, great to hear that you're looking after those early XSs! After the upgrade, the interfaces _may_ be swapped. If that's the case, run xs-swapnics once and reboot. The interfaces should come up right. Naturally, you can't do this remotely :-/ cheers, m On Sat, Apr 25, 2009 at 11:23 PM, david wrote: > Martin et al, > > I am about to upgrade the Nauru 0.4 server overnight and want to know about > any remaining issues with 0.5, remember there was an issue with having to > swap the two Ethernet ports, when Eth0 is used for Internet and Eth1 for the > APs? Or something? Does the latest version 0.5.2 correct that? > > > David Leeming > Leeming International Consulting > P.O. Box 652, Honiara, Solomon Islands > Tel: (677) 76396 > About me: http://wikieducator.org/User:Leeming > > > ___ > Server-devel mailing list > Server-devel@lists.laptop.org > http://lists.laptop.org/listinfo/server-devel > -- martin.langh...@gmail.com mar...@laptop.org -- School Server Architect - ask interesting questions - don't get distracted with shiny stuff - working code first - http://wiki.laptop.org/go/User:Martinlanghoff ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
