Thanks Wad you fixed the problem:
We did not know squid was running on the XS Tony Anderson installed (0.6
derivative I believe) early autumn 2011.
Why our XS continue to resolve & offer free/accurate DNS to any random
laptop that connects over Wifi is disconcerting, if anyone can explain?
But at least the critical problem of giving away free web access (to
rich visitors, rather than Haitian XO users) is solved for now!
On 2/28/2012 4:43 PM, John Watlington wrote:
On Feb 28, 2012, at 1:05 PM, Holt wrote:
Clarif: port 80 is (unfort) forwarded thru the XS, for all laptops that connect
over Wifi.
Traffic across all other ports (incl 443 = https) is thankfully blocked, though
I've no idea why/how unfortunately ;)
Sounds like your problem is squid. Your firewall is probably blocking
FORWARDS from non-XOs,
but routing all http traffic into squid. You instead need to only route XO
http traffic into squid.
What version school server software ?
Cheers,
wad
On 2/28/2012 12:49 PM, Holt wrote:
On 2/28/2012 12:29 PM, George Hunt wrote:
In Haiti, Adam and I have been trying to get a school server online. We're
finding that volunteers are going through the school server to the internet
with their laptops, and he wants to turn that off, at least for now.
I've turned off /proc/net...ip_forward and verified that there is no masquerade
enabled in the iptables.
But that's not enough!! I wasn't sure that the vpn wasn't setting up a
gateway, so I had him turn off the vpn. But still the school server was
routing to the 3G usb modem dongle even with the vpn pipe closed down.
How does the school server act like a router? It may be related to the ppp
connection and wdial configuration. But I'm stumped.
But I'm trying to bring myself up to speed quickly because he really wants to
get it turned off.
Any ideas on what to try next? I'm afraid the solution is going to be to pull
out the 3g dongle.
Interestingly the XS(*) creates an open path for any random non-XO laptop to
access the web, but seems to block non-web traffic like ssh and IMAP.
In any case, even if it's just forwarding port 80 and 443 (?) we just cannot
afford to become a free ISP here in semi-rural Haiti, given so many visitors to
our school especially.
(*) XS as set up by Tony Anderson early autumn 2011, and currently maintained
by George Hunt& I.
--
Help kids everywhere map their world, at http://olpcMAP.net !
_______________________________________________
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel
--
Help kids everywhere map their world, at http://olpcMAP.net !
_______________________________________________
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel
