2012-02-11 - Re: [GRASE-Hotspot] squid and opendns

Header Data

From: Oscar Saiz <os***z@telefonica.net>
Message Hash: 33ebc5521cf08f6bbcddf73f011aaad0112a6e3623d43d0f702544946ddd9317
Message ID: <8D6C90B6121A464AB16475F2E588C1C3@PC>
Reply To: <4F35B16A.5060508@gmail.com>
UTC Datetime: 2012-02-11 02:01:30 UTC
Raw Date: Sat, 11 Feb 2012 10:01:30 +0100

Raw message 

Hi Tim,
firstly thanks for your answer and It’s clear for me now but I have others questions.
You say that the “Grase Hotspot is installed with OpenDns family filter” but should I configure my DNS router too or it’s not necessary? I don’t know if it’s possible that someone could change his DNS and he could avoid the OpenDNS.
Second thing is that I’ll use your Grase Hotspot in a little school and I think that I’ll had about 300 people trying to connect to the Internet. Could I still use this OpenDNS? Because I don’t know if it is only for home network.

Thanks 
Regards




From: Tim White 
Sent: Saturday, February 11, 2012 1:08 AM
To: GRASE Hotspot General Discussions 
Cc: Oscar Saiz 
Subject: Re: [GRASE-Hotspot] squid and opendns

On 11/02/12 02:08, Oscar Saiz wrote: 
  Hi Tim!
  I have a question for you, perhaps a stupid question.
  I’ve updated the tree packages that you pushed up recently (grase-conf-squid3 - grase-www-portal - grase-conf-dnsmasq) and I can see that something have happened with my squid.
  I had some ACL to avoid that my users could surfing some pages in the Internet, and to avoid that they could use some words like porn, sex, ...  and it doesn’t work now. I’ve seen that the reason is because my squid3.conf.grase has been renamed and now I have a new squid.conf.grase.
  Then if I try to surfing a porn page I obtain a message from opendns (www.blocked-website.com) which says that I can’t visit that page.
  Is it normal? Why is the reason because these filters  are activated? What should I do if I don’t want that opendns blocks those pages?

  Regards

Hi Oscar.
Not a stupid question at all.
For now, changes to squid.conf.grase aren't supported, but I hope to be able to support them in some way in the future. (If you do make changes, backup your changes so when it gets overwritten, you can revert the changes you need). Ideally, I'll be making a dansguardian package to do the filtering, and let squid just do the proxing. Before I released Grase, I did use Dansguardian infront of squid, but took that out before the release due to it being difficult to setup Dansguardian and adjust its filtering (and some people wouldn't want the strict filtering I was using).

The reason the OpenDNS is blocking things, is because the default DNS server the Grase Hotspot installs with, is the OpenDNS family filter. You can change that in the Admin interface, under network settings. If you don't want this filtering, you can change the DNS servers to your own ISP servers, or to the OpenDNS normal servers. You can even setup OpenDNS so you can customise the filtering it provides.
The 2 reasons I defaulted to OpenDNS family filter, is that firstly it provides a reasonable level of filtering out of the box, which is useful for people new to setting up any filtering, and secondly, it provides "good" DNS servers that we can rely on being stable. It's not uncommon to setup a router for a client, and discover that ether the upstream modem's DNS server, or the ISP's DNS server, do funky/dodgy things and end up causing half your problems! (And this was also the reason for the grase-conf-squid package change recently).

I hope that helps.

Thanks

Tim

Thread