Dimitri Yioulos wrote:
Have you checked that both servers are within 5 minutes (clockwise) of each other? I know this problem comes up a lot on the censornet forums.

On Tuesday April 25 2006 7:36 pm, David Whitmer wrote:

Hi to all.

I was wondering if anyone's using Censornet. I've installed the latest version on CentOS 3.6. No matter what I try, I can't get it to work.

Some info.: I'm using iptables to connect/protect my LAN and DMZ. The interfaces are eth0 (public), eth1 (private, 192.168.100.1/22), and eth2 (DMZ, 192.168.1.1/24). I've given the Censornet box the address 192.168.100.14/22. It's in bridged mode. I believe I have everything configured correctly. Censornet finds and configures the 3COM nics. I've tried different wiring combinations between the LAN, router private interface, and the two Censornet interfaces. Depending on the wiring, I get a) connected to the internet without being authenticated or, b) not connected or, c) (if I specify a proxy in the Web browser, which I'd rather not do) prompted repeatedly for uname and pw without ever connecting; if I cancel the prompt, I'm told I don't have authorization to use the Web. Grrrrrrr!

Is anyone using the current version of Censornet in a setting like mine who can show me the error of my IT ways? The help would, as always, be greatly appreciated.

Dimitri

Dimitri,

Along with checking the Censornet forums, have you also tried their FAQ? (http://www.censornet.com/faq/)

Have you tried to access the Internet directly from the Censornet box itself, to make sure it can access the Internet okay?

We're not yet using the latest version of Censornet, but at least with ours, you DO have to set the proxy address and port information in web browsers. (Though with K12LTSP, I can just set that once in all.js rather than every individual PC.) By default, Censornet expects web browsers to connect to it on port 8080 (in your case, 192.168.100.14:8080).

When the browser first connects, you'll be prompted for a username & password. Here you enter a username & password created through Censornet web-based admin interface. If you just press cancel instead (your option (c) I think), then it will deny web access to that computer. That's the way Censornet is designed to work... it's an authenticating proxy with filtering. Much of its web-access restrictions and reporting are based on usernames.

Brian mentioned the Censornet forums. I believe that in the past, setting up transparent proxy-based filtering has been often discussed on their forums. In short, Censornet isn't designed to do that, though it can be "hacked" to make it work that way.

I hope this helps!

David Whitmer
Media and Technology Director
Calvary Schools of Holland (Michigan)

__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com

_______________________________________________
K12OSN mailing list
K12OSN redhat com
https://www.redhat.com/mailman/listinfo/k12osn
For more info see <http://www.k12os.org>

David, Mark, and Brian,

Thanks for your responses!

I'm guilty of sometimes jumping the gun by not reading FAQs, etc. carefully, then posting a question for which I could have come up with the answer, thus wasting people's time. But, not in this case, I believe. I've read the FAQs, perused the forum, posted my question there, and ... no joy. I've always been impressed with how knowledgeable people are on this list, and how willing to help, so I thought I'd ask here.

I will say that my general set-up here has worked great for nearly two years - iptables/netfilter, samba, sendmail, apache, OpenVPN, Wildfire (Jabber), etc., etc. So, it's been very frustrating trying to set up Censornet and not have it work as expected.

In the Censornet Web site, under Support, there's a section called Network Diagrams. I'm trying to set up the second of the schemes, Standard Bridge Mode. The write-up states:

"This is the most common form of Bridged CensorNet design. Note that we never recommend the use of Bridge Mode unless you have your own firewall to protect your perimeter. Although the CensorNet still has two network cards, connected in a similar fashion to the Basic Router Mode option, it only has one IP address, purely for administration purposes. The firewall shown in the diagram will have an internal address on the same subnet as the rest of the local LAN."

So, just as in the diagram, I've tried this:

    internet
       |
     router
       |
    firewall--------DMZ
       |
    Censornet
       |
     Switch
       |
      LAN

I've also tried this:

    internet
       |
     router
       |
    firewall--------DMZ
       |
     Switch
       |   (one or both interfaces connected)
    Censornet
       |
      LAN

I'm able to get both user and workstation data from our AD server into Censornet. I'm able to reach the Censornet Web admin gui from my workstation. I'm able to ping both my workstation and an outside site from the Censornet box. I've set up the correct address and port in Web browser proxy settings. Depending on how I wire the Censornet box to the firewall and/or LAN, at worst I'm continually prompted for a uname and pw. At best, I'll get a Censornet "Authentication Failed" message.

As to this last, there's obviously an authentication problem. Remember, I can see both users and workstations in the Censornet Web gui. All the proper access permissions are set for both. But, I have no idea whether it's an iptables issue or a Censornet issue. A perusal of the logs on both systems shows nothing.

Arrrrrgh!

I'll take a look at the Freshmeat article. Now, I don't want to take up anyone's time needlessly for what is, at best, a narrow problem. But, it sure would be nice to get the blinkin' thing workin'.

Dimitri
Brian

---------------------------------------------------------------
The views expressed here are my own and not necessarily the views of Portsmouth College
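
Added example, not part of the thread and not Censornet code: a sketch of how the reply on the proxy port (8080 in the thread) separates symptom (a) from symptom (c), with the 5-minute clock check applied to the reply's Date header. The sample replies, the Basic scheme, the reference clock reading and the function names are constructed assumptions.

```python
from datetime import datetime, timezone
from email.parser import Parser
from email.utils import parsedate_to_datetime

MAX_SKEW_SECONDS = 5 * 60  # the "within 5 minutes" check suggested in the thread

# Constructed sample replies (not captured from a real Censornet box).
# The "Basic" scheme and realm text are assumptions for illustration.
REPLY_407 = (
    "HTTP/1.0 407 Proxy Authentication Required\r\n"
    "Date: Wed, 26 Apr 2006 14:09:30 GMT\r\n"
    'Proxy-Authenticate: Basic realm="filter"\r\n'
    "\r\n"
)
REPLY_200 = "HTTP/1.0 200 OK\r\nDate: Wed, 26 Apr 2006 14:00:20 GMT\r\n\r\n"
# Constructed clock reading taken on the directory (AD) server.
REFERENCE = datetime(2006, 4, 26, 14, 0, 0, tzinfo=timezone.utc)

def parse_head(raw):
    """Return (status_code, headers) for the head of a raw HTTP reply."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    status_line, _, header_block = head.partition("\n")
    parts = status_line.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError(f"not an HTTP status line: {status_line!r}")
    return int(parts[1]), Parser().parsestr(header_block, headersonly=True)

def diagnose(raw, reference_time, sent_credentials):
    """List findings for one reply to a request sent to the proxy port."""
    status, headers = parse_head(raw)
    findings = []
    offered = headers.get_all("Proxy-Authenticate", [])
    schemes = [value.split()[0] for value in offered if value.split()]
    if status == 407 and sent_credentials:
        # Symptom (c): the browser keeps prompting because every retry gets 407.
        findings.append("credentials rejected: proxy answered 407 again")
    elif status == 407:
        findings.append("proxy requests login via " + ", ".join(schemes or ["?"]))
    elif not sent_credentials and 200 <= status < 400:
        # Symptom (a): traffic is served without ever being challenged.
        findings.append("no challenge: request served without authentication")
    date = headers.get("Date")
    if date:
        skew = abs((parsedate_to_datetime(date) - reference_time).total_seconds())
        if skew > MAX_SKEW_SECONDS:
            findings.append(f"clock skew {int(skew)}s exceeds {MAX_SKEW_SECONDS}s")
    return findings
```

A first 407 with no credentials sent is the expected behaviour of an authenticating proxy; only a 407 that repeats after valid credentials, or a reply with no challenge at all, points to a problem.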