Re: [Server-devel] server ecurity

2009-09-22 Thread Martin Langhoff
2009/9/21 Jerry Vonau jvo...@shaw.ca: Your proxy is slow to re-load the iptables rule-set? How many lines? No no. You got a mixup there :-). Adding/removing rules from iptables is fast -- we can create a new chain and add rules, flush it, etc. So we can manipulate rules there hot. For the

Re: [Server-devel] server ecurity

2009-09-22 Thread Martin Langhoff
2009/9/22 Henry Vélez Molina henry.lap...@gmail.com: ¿wheres is the moodle file with the XO´s registration? Some info in /home/idmgr/identity.db , and you will want to hook into /var/www/moodle/web/auth/olpcxs/auth.php which is the code that handles the automagic login. When the login succeeds,

Re: [Server-devel] server ecurity

2009-09-22 Thread Iñaki Arenaza
Martin Langhoff martin.langh...@gmail.com writes: For the proxy, we are using Squid. If the solution we build depends on adding/removing rules from Squid, and that happens to need a squid restart, we will be in a world of pain. So we either avoid this, or switch http proxy. You can use

Re: [Server-devel] server ecurity

2009-09-22 Thread Jerry Vonau
On Tue, 2009-09-22 at 12:05 +0200, Martin Langhoff wrote: 2009/9/21 Jerry Vonau jvo...@shaw.ca: Your proxy is slow to re-load the iptables rule-set? How many lines? No no. You got a mixup there :-). Adding/removing rules from iptables is fast -- we can create a new chain and add rules,

Re: [Server-devel] server ecurity

2009-09-21 Thread Martin Langhoff
Hi Henry! 2009/9/19 Henry Vélez Molina henry.lap...@gmail.com: Our server is working very good with 0.5.2 version. But now, we have a big network in the neighborhood that is coming to the children´s houses through each access point. For that reason we need to have a big security on the

Re: [Server-devel] server ecurity

2009-09-21 Thread Jerry Vonau
On Mon, 2009-09-21 at 10:39 +0200, Martin Langhoff wrote: Hi Henry! 2009/9/19 Henry Vélez Molina henry.lap...@gmail.com: Our server is working very good with 0.5.2 version. But now, we have a big network in the neighborhood that is coming to the children´s houses through each access

Re: [Server-devel] server ecurity

2009-09-21 Thread Martin Langhoff
2009/9/21 Jerry Vonau jvo...@shaw.ca: Don't hand out the gateway address from the dhcp server? Limit access to the net based on the mac addresses of OXs that are known to the XS maybe? Cron script to change the iptables rules outside of school hours maybe? Tell us what you would like to

[Server-devel] server ecurity

2009-09-19 Thread Henry Vélez Molina
Hi everyone Our server is working very good with 0.5.2 version. But now, we have a big network in the neighborhood that is coming to the children´s houses through each access point. For that reason we need to have a big security on the server to prevent access to unknown users to internet.