Author Topic: internal and external proxy/content filtering?  (Read 14226 times)
lschafroth
« on: Thursday 29 September 2011, 12:26:42 pm »

We currently use a Sonicwall firewall (shudder!) and an M86 content filter with its horrible, constantly crashing Mobile client.
I would like to replace them with the Endian firewall.  I was wondering if it would be possible to use the proxy server on the LAN and WAN port of the Endian firewall to simulate a mobile client for the 1 to 1 laptops (students).

I could use a URL to access the proxy. This way the internal DNS server points them to the internal LAN IP for the proxy server and content filtering.
I could then have a public DNS setting that points them to the WAN interface to get proxy access and content filtering.

I can force the proxy settings on the Mac computers and configure Firefox to do the same, since it does not follow the rules of the OS proxy settings.

The M86 client causes about 4 kernel panics a day on the Mac computers.  We use the Mac Open Directory/LDAP.  We could have the students and staff authenticate to get to the internet.

Any suggestions?

We have a full class C of public WAN IPs we could use.

Lannie

mrkroket
« Reply #1 on: Friday 30 September 2011, 03:02:50 am »

By mobile clients, do you mean people that are outside your net, on the internet, or just people that use a local WiFi?
If everything is local you can just use the BLUE zone to do all the wireless stuff, and leave WAN for what it is, Internet access.

If people are outside your area and you want them to always have your content filtering enabled, maybe you can create a port forwarding rule and send the data to the Endian proxy (port 8080). Then on the clients enable the proxy and use EndianIP:8080 as the proxy. This may work, I don't know. But you must know that everybody on the internet can reach that port, so you must ensure that authentication credentials are secure enough to avoid any misuse.

For external (roaming) users I never tried to give content filtering that way. I always created VPN clients to get my external users inside my net, it's more secure.
The problem with that is that content filtering will be enabled only when the VPN tunnel is on.

lschafroth
« Reply #2 on: Tuesday 04 October 2011, 02:17:38 pm »

The reason I want this is for 1 to 1 laptops. The laptops will use the LAN content filtering when at the school. When the students take the computers home for the night, I want them to be filtered outside of the network as well.  The computers will be managed and they will be unable to change any proxy settings.

I assume I could have a DNS entry for the internal side using a local DNS server and have that point to the LAN IP, then a public DNS entry so when they are outside they get the WAN IP.

Lannie

lschafroth
« Reply #3 on: Wednesday 12 October 2011, 12:10:57 am »

I'm seeing little to no replies in these forums so we have decided to move on to something else. We will need something with good backing.

mrkroket
« Reply #4 on: Saturday 15 October 2011, 04:34:36 am »

True, maybe you can test ClearOS or pfSense, I think they have better support.
By changing things (Squid and rules from Access Firewall) you can get a working proxy from outside, but not with the standard config on Endian.

The DNS is not a problem: on Edit Hosts you can mask a public hostname (i.e. proxy.domain.com, which points to a public IP X.X.X.X) to a local IP, like 192.168.Y.Y, so both your internal and external users always have the correct IP for the proxy.
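
The two checks this thread raises (the proxy hostname resolving to a LAN address inside and a public address outside, and the WAN-exposed port 8080 demanding credentials) can be audited as below. This is an added example, not part of the original posts and not Endian code; the function names and sample replies are constructed, and it assumes the forwarded proxy port speaks plain HTTP.

```python
import ipaddress
import socket

# RFC 1918 ranges: what the internal DNS view should return for the proxy name.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)

def probe(host, port=8080, timeout=5):
    """Send one request WITHOUT credentials to your own proxy; return the raw reply."""
    req = b"GET http://example.com/ HTTP/1.1\r\nHost: example.com\r\nConnection: close\r\n\r\n"
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(req)
        return s.recv(4096)

def parse_reply(raw):
    """Return (status code, offered Proxy-Authenticate schemes in lower case)."""
    lines = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1").split("\r\n")
    status = int(lines[0].split()[1])
    schemes = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "proxy-authenticate" and value.strip():
            schemes.append(value.split()[0].lower())
    return status, schemes

def audit(internal_ip, external_ip, raw_reply):
    """internal_ip / external_ip: what the proxy hostname resolves to from each side."""
    findings = []
    if not is_rfc1918(internal_ip):
        findings.append("internal view does not return a LAN address")
    if is_rfc1918(external_ip):
        findings.append("external view returns a LAN address")
    status, schemes = parse_reply(raw_reply)
    if status != 407:
        findings.append("unauthenticated request got %d, not 407" % status)
    elif schemes and set(schemes) == {"basic"}:
        # Assumption: plain-HTTP proxy port, so Basic credentials are only base64-encoded.
        findings.append("only Basic offered; password is not encrypted on a plain proxy port")
    return findings

# Constructed sample replies (not captured from a real Endian box).
OPEN = b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"
BASIC = b'HTTP/1.1 407 Proxy Authentication Required\r\nProxy-Authenticate: Basic realm="proxy"\r\n\r\n'
DIGEST = b'HTTP/1.1 407 Proxy Authentication Required\r\nProxy-Authenticate: Digest realm="proxy", nonce="abc"\r\n\r\n'
```

For a live check, pass `probe("<your proxy's WAN name>")` as `raw_reply`, together with the addresses the name resolves to from a LAN host and from an outside host.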