Thanks to this group, we have our new server (not the test pc we have
been testing with) up and running with Squid/Samba/DG. Proof to anyone
that after 100 times of building it, it can be done in an hour! We
even have groups working with the dansguardianfX.conf files! What a
great thing to hand someone a winterm and say, "Here.. oh and by the
way, you can get to these 7 sites and that is it." I have read this
list the whole time and all of the advice is fantastic!

Our next goal is to use our firewall to block all outbound port 80
traffic except for our servers (and a couple of other things). This
works great in our test except for a couple of sites... Yahoo mail (as
well as Hotmail) being the biggest one. I have sniffed the attempts,
and it seems that someone going through the squid to Yahoo email goes
through, gets authenticated to AD, but then they go out to the internet
without going through the squid/dg box? It is pretty obvious while
capturing traffic on the laptop that after it goes through squid, it
goes straight out to the internet... and the laptop I am testing on
works just fine when we remove the block on the firewall.

To get around this, I have tried to put in the squid ACLs that if a
user is going to the yahoo domain, they don't need to be
authenticated.. but that doesn't seem to help. I was going to use
rules on the firewall to allow anyone going to yahoo or hotmail, but
yahoo alone has most of the 68.142.x.x/22 and I haven't even started
getting the hotmail stuff together.

I am going to post a similar question on the dg list, but I figured dg and squid go hand in hand for most people.
Thanks again to everyone for help in getting us this far!
Received on Wed Dec 06 2006 - 07:27:56 MST
This archive was generated by hypermail pre-2.1.9 : Mon Jan 01 2007 - 12:00:01 MST