Koozali.org: home of the SME Server

Way-out request for anyone attempting.....

RonM

« Reply #15 on: September 14, 2005, 03:05:25 PM »
I don't know how accessible the clients are, or if this will help, but a quick google on "powerschool proxy" finds a few schools posting instructions on how to disable the proxy on the client in order to access the Powerschool site.

Could this be how other schools are handling a similar problem?

RonM

gregswallow

« Reply #16 on: September 14, 2005, 06:54:22 PM »
> But when I removed DG, it still didn't fix the
> problem

But did you post-upgrade and reboot? That might have been required.

If you have paid for support from Dungog, use it :-P

Probably his rpm added a template into /etc/e-smith/templates/etc/rc.d/init.d/masq/ and you'll have to edit or delete it, removing the entries similar to 'iptables ???? TCP 80 DROP' - something like that.

'rpm -qil nameofrpm' will list what files it has installed if you want to try to figure it out yourself.

raem

« Reply #17 on: September 15, 2005, 03:02:07 AM »
grattman

>...removing the entries similar to 'iptables ???? TCP 80 DROP'

I believe these are the templates that get used, and yes they do DROP port 80

http://mirror.contribs.org/smeserver/contribs/rmitchell/smeserver/contribs/dansguardian/templates/masq/
...

kansasdragon

« Reply #18 on: August 31, 2006, 01:12:40 AM »
Grattman..  did you ever get this issue resolved?

I'm battling the same issue on an SME 7 box for a local Catholic School.  Their Diocese instructed all the schools to install the fat client, and now of course it doesn't work.

So, if you solved the issue, and could pass along that answer, you'd save me a lot of heartache...and head scratching.

Thanks..

P.S. All of the other schools in the Diocese are using Sonicwall hardware firewalls with content filtering; this is the lone school in the Diocese using an SME server. I used Dungog's Dansguardian installation.

raem

« Reply #19 on: August 31, 2006, 01:45:34 AM »
kansasdragon

> I'm battling the same issue on an SME 7 box
>...this is the lone school in the Diocese using an SME server,
> I used Dungog's Dansguardian installation

I don't think the problem is that hard to identify. You have installed a contrib (Dansguardian from Dungog) that stops people circumventing Dansguardian and getting web access via port 80. You are then asking to be allowed access via port 80 to certain web sites (in effect circumventing Dansguardian).

See the templates mentioned in my post above. I assume you could remove the entries associated with port 80 (& expand templates & restart etc etc), but you then reduce the effectiveness of the contrib.

You could also set up pam auth for certain users who will then bypass dansguardian filtering, or allow certain computers unimpeded access to the web, but the port 80 iptables rules may still be a problem.

The free version without a web panel (see my HowTo), does not use those templates, so you could temporarily try installing that (uninstall Dungog version first) & see how you go.

Otherwise become a master of iptables rules & write your own.
...

mmccarn

« Reply #20 on: August 31, 2006, 03:14:02 PM »
Is it possible to create a template fragment to allow outbound traffic on port 80 to a specific host?  Then the students would still be constrained to use DansGuardian for general web access, but the fat client application could talk to the specified host without obstruction...

I don't understand masq enough to be of much help.   I'd start by searching /etc/init.d/masq for the lines affecting port 80, guess which one is causing my headache, and put a line above it to allow traffic on port 80 to the one off-site server.  If that works, "just" find the template-fragment that creates the "DROP" rule and make a new fragment with your rule that starts with a slightly lower number, expand-template, etc, etc...
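
The rule-order point in the last reply, as an added example that is not part of the original thread: a per-host ACCEPT only takes effect if it sits above the port-80 DROP in the same chain, and the DROP has to remain for the filter to stay enforced. The function name `check_port80_exception`, the `FORWARD` chain, the address `192.0.2.10` and the sample rule lines are assumptions constructed for illustration, not the contrib's actual template content.

```shell
#!/bin/sh
# Added example (not from the thread): verify rule order in a generated
# firewall script read on stdin. iptables stops at the first matching rule,
# so the per-host ACCEPT must precede the port-80 DROP in the same chain.
# Exit status: 0 = exception precedes every port-80 DROP,
#              1 = exception missing or placed after the DROP,
#              2 = no port-80 DROP found (filter bypass no longer blocked).
check_port80_exception() {
    awk -v host="$1" '
    /^[ \t]*#/ { next }                       # skip commented-out rules
    /iptables/ && /-p tcp/ && /--dport 80( |$)/ {
        chain = ""; dest = ""; target = ""
        for (i = 1; i < NF; i++) {
            if ($i == "-A") chain = $(i + 1)
            if ($i == "-d") dest = $(i + 1)
            if ($i == "-j") target = $(i + 1)
        }
        if (chain == "") next                 # only appended rules are ordered here
        seen_drop = (chain in drop_line)
        if (target == "ACCEPT" && !seen_drop && (dest == host || dest == host "/32"))
            ok[chain] = NR
        if (target == "DROP" && dest == "" && !seen_drop)
            drop_line[chain] = NR
    }
    END {
        n = 0; bad = 0
        for (c in drop_line) { n++; if (!(c in ok)) bad = 1 }
        if (n == 0) exit 2
        exit bad
    }'
}

# Constructed sample rules; the FORWARD chain and 192.0.2.10 are assumptions.
good_rules='/sbin/iptables -A FORWARD -p tcp -d 192.0.2.10 --dport 80 -j ACCEPT
/sbin/iptables -A FORWARD -p tcp --dport 80 -j DROP'
late_rules='/sbin/iptables -A FORWARD -p tcp --dport 80 -j DROP
/sbin/iptables -A FORWARD -p tcp -d 192.0.2.10 --dport 80 -j ACCEPT'

if printf '%s\n' "$good_rules" | check_port80_exception 192.0.2.10; then
    echo "good_rules: exception is reachable"
fi
if ! printf '%s\n' "$late_rules" | check_port80_exception 192.0.2.10; then
    echo "late_rules: exception is shadowed by the DROP above it"
fi
```

After expanding the templates, the same check can be run against the generated script by redirecting `/etc/init.d/masq` to the function's standard input.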