Hi Roberto, Thanks for such a swift reply. My mistake with the version of Ubuntu, it is 6.06 and not 6.04 as I reported. We installed shorewall with apt-get so I assumed it was installing the latest stable version. Are you saying that different versions of Ubuntu will only install the version of shorewall it was designed with?:)
I understand that nothing is totally protected and that some stuff will sneak by. I run dans at home with smoothwall and every now and then something will sneak in. But at least there is protection for the most part instead of open slather. Thank-you also for the suggestion on https. I will have a look at this issue further and let you know how I go. Once again, thanks for the quick and helpfull reply. Regards, Mike b -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Roberto C. Sánchez Sent: Tuesday, 16 October 2007 4:14 PM To: [email protected] Subject: Re: [Shorewall-users] Logon page access On Tue, Oct 16, 2007 at 03:18:46PM +0800, Michael Boughton wrote: > > We have installed and configured Ubuntu Server 6.04. (There is an > issue with 7.04 and the scsi card in the server we are using) We > installed and configured Shorewall firewall (current as of 29/8/07, > installed by "apt-get install shorewall", so I suspect it is 4.X)and > Dansguardian with these instructions from this link: > Well, AFAIK, based on looking at Ubuntu's website, there was 6.04 release, only a 6.06 release called Dapper Drake. Further, their packages page [0] shows the following: * dapper (net): Shoreline Firewall (Shorewall) 3.0.4-1: all * edgy (net): Shoreline Firewall (Shorewall), a high-level tool for configuring Netfilter 3.0.7-1: all * feisty (net): Shoreline Firewall (Shorewall), a high-level tool for configuring Netfilter 3.2.6-2: all * gutsy (net): Shoreline Firewall (Shorewall), a high-level tool for configuring Netfilter 3.4.4-1: all So, if you really are running 6.06, then you are running a version of shorewall that is completely ancient. > > http://www.branchdistrictlibrary.org/professional/ubuntu_and_dansguard > ian_page_3.php > > > With a little bit of extra configuring due to differences in squid > versions, we got things running nicely and now the kids at the school > we are doing this for are protected from inappropriate material and > attacks. Now, this is just a philosophical point (and I say this as someone who does network support for my church and their Christian school), they are not really protected. Or they are actually not totally protected. Make sure that the people in charge of this group or organiztion understand that nothing is perfect and that stuff can still sneak by. > The problem at the moment is that you can go to a web site and that's > fine. But if you try to log onto any website, the browser will just > sit there (after entering the username and password and pressing > enter) and eventually (10 min or more) complain it can't find the > server. I suspect that it is a port issue. If you have a look through > the instruction from the link I have mentioned, then you'll see that > port 443 for https is opened up for use to the net. Do logon pages use > another port? If we redirect the browsers to the old proxy, the logon > pages are instant, so I'm sure it's a config issue either in shorewall > or Ubuntu. > It depends. If the login page for a website uses port 443, then you *must* excplicitly set your Dan's Guardian machine as a proxy for https. The reason is that https cannot be transparently proxied like regular web traffic. That just a guess, but based on your description of the problem, it is where I would start looking. Regards, -Roberto [0] http://packages.ubuntu.com/shorewall -- Roberto C. Sánchez http://people.connexer.com/~roberto http://www.connexer.com ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
