[KLUG Members] choice of i-filter/firewall/squid box

Bruce Smith members@kalamazoolinux.org
Thu, 01 Apr 2004 22:37:35 -0500


> I am asking for some guidance on a choice of /firewall/squid/& internet web
> filtering/ for a small school lab environment.  There is already a Windows
> 2000 server and a separate Printserver locked in place, along with WinNT
> boxes for teacher access.
> 
> There have been many positive responses with a tryout of an LTSP & thin
> client setup.  Now there is a requirement to install a box between the
> broadband cable modem and the rest of the school's internal LAN to filter
> Internet access.
> 
> My first choices have been a second box with an LTSP install with
> squid/squidguard/shorewall and two ethernet NICs.  Other possibilities are
> a box with Devil-Linux, if I can run squid and squidguard on it.  There
> might be other suggestions.

Since you mention Devil-Linux, I'll give you the rundown.

I run Squid on a Devil-Linux server at my company, and have been for
quite a while.  It works perfectly.  I have never run DansGuardian, so I
can't comment on how well it does or doesn't work.

Personally I have squid set up to force people to authenticate themselves
in order to access the internet.  Weekly I run the squid logs through
SARG and serve them up in Apache for everyone to see on our intranet. 
If someone is caught screwing off on work time or surfing porn, their
internet privileges are revoked.  That may not work for every place (or
you), but it is very simple and works for us.

Back to Devil-Linux.  Squid is included in the stable (1.0x) release.
DansGuardian, SARG, and Apache have all been added to the 1.1x beta
release.  If you want to buy a Devil-Linux CD from KLUG, I'm willing to
custom compile you a snapshot of the 1.1 release with all those goodies.
Email me privately if you're interested.  This happens to be a very good
time to get a stable snapshot since CVS changes have been very slow the
last week or two, and those CVS updates have been minor bug fixes.  Plus
all recent security advisories (openssl) have been updated.  Of course
that could change tomorrow if Heiko decides to start screwing with
something new ...   :-)

 - BS
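
The per-user reporting described in the message above (authenticated Squid users, logs summarized weekly), as an added example that is not part of the original post and is not SARG's code. It assumes Squid's native access.log layout with the authenticated user name in the eighth field; the log lines, user names and hosts are constructed.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample lines in Squid's native access.log layout (assumed):
# time elapsed client action/code bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1080876000.123    210 192.168.1.21 TCP_MISS/200 15320 GET http://www.example.org/index.html alice DIRECT/192.0.2.10 text/html
1080876005.456     12 192.168.1.21 TCP_HIT/200 4096 GET http://www.example.org/logo.png alice NONE/- image/png
1080876010.789    340 192.168.1.34 TCP_MISS/200 88200 GET http://games.example.net/play bob DIRECT/192.0.2.20 text/html
1080876011.002      3 192.168.1.40 TCP_DENIED/407 1720 GET http://www.example.com/ - NONE/- text/html
1080876020.500    900 192.168.1.34 TCP_MISS/200 20000 CONNECT mail.example.com:443 bob DIRECT/192.0.2.30 -
this line is truncated
"""


def host_of(method, url):
    """Destination host; CONNECT entries log host:port rather than a URL."""
    if method == "CONNECT":
        return url.rsplit(":", 1)[0].lower()
    return (urlsplit(url).hostname or url).lower()


def per_user_report(log_text):
    """Sum requests and bytes per authenticated user and per destination host."""
    users = defaultdict(lambda: {"requests": 0, "bytes": 0, "hosts": defaultdict(int)})
    stats = {"unauthenticated": 0, "malformed": 0}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 10 or not fields[4].isdigit():
            stats["malformed"] += 1  # truncated or corrupt line
            continue
        size, method, url, user = int(fields[4]), fields[5], fields[6], fields[7]
        if user == "-":
            stats["unauthenticated"] += 1  # e.g. the 407 challenge before login
            continue
        entry = users[user]
        entry["requests"] += 1
        entry["bytes"] += size
        entry["hosts"][host_of(method, url)] += size
    return users, stats


if __name__ == "__main__":
    users, stats = per_user_report(SAMPLE_LOG)
    for name, entry in sorted(users.items(), key=lambda kv: -kv[1]["bytes"]):
        print(f"{name}: {entry['requests']} requests, {entry['bytes']} bytes")
        for host, size in sorted(entry["hosts"].items(), key=lambda kv: -kv[1]):
            print(f"    {host}: {size} bytes")
    print(f"skipped: {stats}")
```

Requests with no user name are counted separately rather than dropped silently, since a rising count of them can indicate clients reaching the proxy without authenticating.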