On Feb 28, 2012, at 1:05 PM, Holt wrote: > Clarif: port 80 is (unfort) forwarded thru the XS, for all laptops that > connect over Wifi. > > Traffic across all other ports (incl 443 = https) is thankfully blocked, > though I've no idea why/how unfortunately ;)
Sounds like your problem is squid. Your firewall is probably blocking FORWARDS from non-XOs, but routing all http traffic into squid. You instead need to only route XO http traffic into squid. What version school server software ? Cheers, wad > On 2/28/2012 12:49 PM, Holt wrote: >> On 2/28/2012 12:29 PM, George Hunt wrote: >>> In Haiti, Adam and I have been trying to get a school server online. We're >>> finding that volunteers are going through the school server to the internet >>> with their laptops, and he wants to turn that off, at least for now. >>> >>> I've turned off /proc/net...ip_forward and verified that there is no >>> masquerade enabled in the iptables. >>> >>> But that's not enough!! I wasn't sure that the vpn wasn't setting up a >>> gateway, so I had him turn off the vpn. But still the school server was >>> routing to the 3G usb modem dongle even with the vpn pipe closed down. >>> >>> How does the school server act like a router? It may be related to the ppp >>> connection and wdial configuration. But I'm stumped. >>> >>> But I'm trying to bring myself up to speed quickly because he really wants >>> to get it turned off. >>> >>> Any ideas on what to try next? I'm afraid the solution is going to be to >>> pull out the 3g dongle. >> >> Interestingly the XS(*) creates an open path for any random non-XO laptop to >> access the web, but seems to block non-web traffic like ssh and IMAP. >> >> In any case, even if it's just forwarding port 80 and 443 (?) we just cannot >> afford to become a free ISP here in semi-rural Haiti, given so many visitors >> to our school especially. >> >> (*) XS as set up by Tony Anderson early autumn 2011, and currently >> maintained by George Hunt & I. >> >> -- >> Help kids everywhere map their world, at http://olpcMAP.net ! > _______________________________________________ > Server-devel mailing list > Server-devel@lists.laptop.org > http://lists.laptop.org/listinfo/server-devel _______________________________________________ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
