Shaya said: -- I am currently using a debian system to masquerade all the traffic from my high school's win95 lan to the internet. This is ok for a temporary manner, but my school wants me to implement a way to track where all the students are going, can't have them going to sighs which arn't kosher, if you know what I mean. Well, is there a way to do this, in that they authenicate themselves to the debian box, with a username and password, and the proxy server will record wherever they go (until the logout). or is there an easier way. --
I help a school district do very much the same thing. I use 'squid' (not the debian one because it does not support 'proxy-authentication' but the newer one from http://squid.nlanr.net). The apache 'proxy' module was not capable of doing authentication when I checked a few months ago. I use masquerade but only to open 'holes' for specific physically secure machines, e.g. mail servers. Everyone has a username/password checked via proxy-authentication for http/ftp access. The squid access log tracks where they go, and try to go. The logs are accessible only to the administrator and looked at only if a 'problem' is reported. We will use 'dhcp' to link ip addresses to hardware addresses. I haven't quite figured out how to verify that someone hasn't altered the ip address after bootup though... Everyone signs an acceptable use agreement in which it is made plain that they should have no expectation of privacy in their access to the internet from school. Although this may seem extreme, it allows us to not censor access in advance, but rather have the means to resolve reported problems by knowing who did what when and from which machine. They can use home or public library machines if they want private access. ml -- Michael Laing, President _|_|_|_| _| _| _| _|_|_| Foster Laing & Noonan, Inc. _| _| _|_| _| _| [EMAIL PROTECTED] 207.832.6372 _|_|_| _| _| _| _| _| Internet Software Developers _| _| _| _|_| _| _____and Consultants__________| _|_|_|_| _| _| _|_|_| -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED]
