On Tue, Oct 16, 2007 at 03:18:46PM +0800, Michael Boughton wrote: > > We have installed and configured Ubuntu Server 6.04. (There is an issue > with 7.04 and the scsi card in the server we are using) We installed and > configured Shorewall firewall (current as of 29/8/07, installed by > "apt-get install shorewall", so I suspect it is 4.X)and Dansguardian > with these instructions from this link: > Well, AFAIK, based on looking at Ubuntu's website, there was 6.04 release, only a 6.06 release called Dapper Drake. Further, their packages page [0] shows the following:
* dapper (net): Shoreline Firewall (Shorewall)
3.0.4-1: all
* edgy (net): Shoreline Firewall (Shorewall), a high-level tool for
configuring Netfilter
3.0.7-1: all
* feisty (net): Shoreline Firewall (Shorewall), a high-level tool for
configuring Netfilter
3.2.6-2: all
* gutsy (net): Shoreline Firewall (Shorewall), a high-level tool for
configuring Netfilter
3.4.4-1: all
So, if you really are running 6.06, then you are running a version of
shorewall that is completely ancient.
>
> http://www.branchdistrictlibrary.org/professional/ubuntu_and_dansguardian_page_3.php
>
>
> With a little bit of extra configuring due to differences in squid
> versions, we got things running nicely and now the kids at the school we
> are doing this for are protected from inappropriate material and
> attacks.
Now, this is just a philosophical point (and I say this as someone who
does network support for my church and their Christian school), they are
not really protected. Or they are actually not totally protected. Make
sure that the people in charge of this group or organiztion understand
that nothing is perfect and that stuff can still sneak by.
> The problem at the moment is that you can go to a web site and
> that's fine. But if you try to log onto any website, the browser will
> just sit there (after entering the username and password and pressing
> enter) and eventually (10 min or more) complain it can't find the
> server. I suspect that it is a port issue. If you have a look through
> the instruction from the link I have mentioned, then you'll see that
> port 443 for https is opened up for use to the net. Do logon pages use
> another port? If we redirect the browsers to the old proxy, the logon
> pages are instant, so I'm sure it's a config issue either in shorewall
> or Ubuntu.
>
It depends. If the login page for a website uses port 443, then you
*must* excplicitly set your Dan's Guardian machine as a proxy for https.
The reason is that https cannot be transparently proxied like regular
web traffic. That just a guess, but based on your description of the
problem, it is where I would start looking.
Regards,
-Roberto
[0] http://packages.ubuntu.com/shorewall
--
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
signature.asc
Description: Digital signature
------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
