Author Topic: content proxy on MCE Core  (Read 4932 times)

thedaver

  • Regular Poster
  • **
  • Posts: 19
    • View Profile
content proxy on MCE Core
« on: January 27, 2009, 04:02:50 pm »
If I follow the networking for MCE/core correctly, the preferred network configuration is to use the Core as the router/firewall behind my DSL (core's external network) and to have core provide DHCP and network QoS to the internal network. 

I can certainly abide by that for wired devices such as MDs and NASs for MCE.  However, I also have a wireless router that provides DHCP to laptops that browse through a SafeSquid proxy machine (content filtering for the kiddies).

I envision a few network designs.

1) Hang core's external network connection behind the wireless' hub with a static assignment in 192.168.0.0 range outside of DHCP range for other clients.  Allow core to provide wired clients with DHCP as suggested by MCE docs in 192.168.80.0 or other range.

2) Hang core's external network connection behind the DSL modem, put wireless router as a static IP on the core's internal wired network, and manage the laptop's DHCP range within the same range as core, but separate from the range core offers...  Thus core would offer 192.168.80.0->50 (I can configure that right?) and have wireless offer 192.168.80.100->150.

I know you gurus beat this network issue down all the time, I'm trying to understand where I risk making MCE install harder versus making it harder to have content proxy in the network... 

The second scenario, if recommended, begs the question, what's been tried concerning a content proxy on the core?
Thanks!

tschak909

  • LinuxMCE God
  • ****
  • Posts: 5549
  • DOES work for LinuxMCE.
    • View Profile
Re: content proxy on MCE Core
« Reply #1 on: January 27, 2009, 06:10:07 pm »
*hmm* why must you make it complicated?

Install one of the many squid filtering proxies available in ubuntu... dansguardian, squid, something... Use apt.

-Thom

colinjones

  • Alumni
  • LinuxMCE God
  • *
  • Posts: 3003
    • View Profile
Re: content proxy on MCE Core
« Reply #2 on: January 27, 2009, 10:35:48 pm »
and the short answer is, put your wireless router on the internal network - this is the same answer to all these questions. Always put everything on your internal network. And don't worry about it - just make sure you turn off any other DHCP server on the wireless router or anything else you put on the internal network. Let the core provide DHCP... all the rest above is thinking too much. Stop it! You don't need to think about this, turn off the wireless's DHCP and plug it in... done!

indulis

  • Veteran
  • ***
  • Posts: 147
    • View Profile
Re: content proxy on MCE Core
« Reply #3 on: January 28, 2009, 01:03:29 am »
Colin,

I think the question was about an ADSL modem that has wireless built in to it, so if you want other wireless devices in the house, they need to contact a DHCP server.  If the device is wireless it would need to contact a DHCP server that is accessible on the wireless network.  I haven't thought in depth about this but thought for my own setup I'd have

ADSL Modem/router----wired network #1----LMCE core---wired network#2----Ethernet switch----wired devices
      |                                                                                                                         (DHCP from LMCE core or static)
      |
      |
     /|\   - - - - wireless net - - - - wireless devices (DHCP from ADSL modem/router)

With a combination ADSL modem/router/wireless, how could I put the router's wireless function on the internal network on the right hand side of the LMCE core?   By definition the attachment between the LMCE core and the ADSL router is on the external network, and it is not possible to "split" the ADSL router's wired and wireless components apart to make them live on different network address ranges.

In this (common) situation there seems to be no alternative but to turn off the LMCE core firewall.

I also don't think it is realistic to accept that everyone will give up all their applications that they have set up and are happy with (like content fltering) just 'cos they want to install LMCE in their house.  It should be possible to make LMCE fit in with an existing installation and not require substantial changes to everything else in someone's house- at least for the reason that LMCE is supposed to be "appliance-like", and requiring everything else to change once you plug it in implies a tech savvy user which sorta defeats all of the effort to make LMCE an appliance.

colinjones

  • Alumni
  • LinuxMCE God
  • *
  • Posts: 3003
    • View Profile
Re: content proxy on MCE Core
« Reply #4 on: January 28, 2009, 01:30:34 am »
indulis - that is far from clear in the original post. In fact he says "I also have a wireless router" which suggested to me it was a separate device, and that is how I answered. But if it is the same device, then that can be left on and PC attach to it, and it provide DHCP services exactly as it currently does, without effecting LMCE at all. You have to accept that in this configuration, these devices will not be able to interact with LMCE without making config changes. One of which, you are right, would be to setup specific rules on the firewall to allow access (turning it off is highly inadvisable as this disables the "NATing" functionality as well, which can be very useful/essential for inbound connections). Also, pnp will not work, etc.

In short, you would have to do some re-engineering of the environment which is likely to cause you headaches later. My advice (obviously!) would be to do what I did in the same situation - I just disabled the wireless on my ADSL router and bought a cheap AP and placed it on the internal network. For the sake of headaches, loss of functionality and literally a handful of dollars, it was the best decision I ever made in LMCE-land!

To answer your question, on splitting out the wireless functionality - no, realistically I don't think it will be possible. I have a high(est) end Billion modem and I went into some considerable detail with their support to work out if I could use the VLAN'ing functionality and port mapping to separate out the wireless LAN interface and place that on the internal network. The answer was "no". You can do something like this with the wired ports, but the wireless interface is permanently bridged onto the same switch domain. I suspect that this highly specific configuration is beyond most ADSL modems.

I think, by far, my solution of a one-off payment of 20-30 bucks for an AP provides the most flexible, simple and uncompromised solution - its a matter of biting the bullet! But you do have the option, if you are masochistic enough, you can work around... your choice :)

Zaerc

  • Alumni
  • LinuxMCE God
  • *
  • Posts: 2256
  • Department of Redundancy Department.
    • View Profile
Re: content proxy on MCE Core
« Reply #5 on: January 28, 2009, 02:07:57 am »
...
In this (common) situation there seems to be no alternative but to turn off the LMCE core firewall.

I also don't think it is realistic to accept that everyone will give up all their applications that they have set up and are happy with (like content fltering) just 'cos they want to install LMCE in their house.  It should be possible to make LMCE fit in with an existing installation and not require substantial changes to everything else in someone's house- at least for the reason that LMCE is supposed to be "appliance-like", and requiring everything else to change once you plug it in implies a tech savvy user which sorta defeats all of the effort to make LMCE an appliance.

There are plenty of alternatives, just none we feel like actively supporting as the basics work fine for everyone, so if you want more you'll have to figure some things out for yourself (and somehow the people that need this so badly can't be bothered to document it or help others).

I also don't feel like discussing this over and over and over, again and again.  Especially with someone who can't even be bothered to read the questions he's answering properly to start this discussion up again.
"Change is inevitable. Progress is optional."
-- Anonymous


indulis

  • Veteran
  • ***
  • Posts: 147
    • View Profile
Re: content proxy on MCE Core
« Reply #6 on: January 28, 2009, 04:34:18 am »
Actually from the original post it is not clear if it is a standalone wireless router or a combined ADSL wireless router.  It is also not possible for you to know, so your point about my not reading the original post is purely flame.  In fact, it is clear you did not actually read my post.

I went on to talk about my situation where I am using a combined ADSL wireless router, and posed the question about how this would be handled
Quote
but thought for my own setup I'd have...

The second point of my post is that asking someone to change their content filter just because they want to put in LMCE does not seem reasonable.  It also discourages people from using LMCE if it putting it in is an "all or nothing" situation.  Perhaps it would be more productive to talk about whether there is any way to address the networking and content  filter rather than just flaming me (again).  Other people seem to be able to talk about this normally and be helpful to both the original poster and me (thanks Colin!).

It is not as if I have not been documenting what I have been doing and trying to assist other users.  I just happen to think that there are contradictions inherent in LMCE.

If you don't like some of my opinions, well that is your prerogative.  But every post from you is aggressive and a personal attack.  And not just to me. You have also edited my Wiki contributions to scare people off from using the information that both I and other people have used to make our LMCE systems work better (case in point, the entry on updating the kernel, which you wrote "would cause the system to become unstable", whereas following the procedures actually has made my system much more stable).

thedaver

  • Regular Poster
  • **
  • Posts: 19
    • View Profile
Re: content proxy on MCE Core
« Reply #7 on: January 28, 2009, 01:35:09 pm »
For clarification (and to quench any flames):
- standalone DSL modem
- standalone wireless router (linksys wrt45g if memory serves)

I'm happy to move the content proxy into MCE core - my question was based on not having found any references to enabling a content proxy and whether that risked breaking things.

In my own defense, I'm still trying to get my arms around any software rules that would require/support changing my network.  I think I have that guidance now.  Sorry if any ambiguity in my question created strife, and I very much appreciate all points of view being offered... including K.I.S.S....  :D

Zaerc

  • Alumni
  • LinuxMCE God
  • *
  • Posts: 2256
  • Department of Redundancy Department.
    • View Profile
Re: content proxy on MCE Core
« Reply #8 on: January 28, 2009, 03:55:20 pm »
Actually from the original post it is not clear if it is a standalone wireless router or a combined ADSL wireless router.  It is also not possible for you to know, so your point about my not reading the original post is purely flame.  In fact, it is clear you did not actually read my post.
He clearly states "I also have a wireless router that provides DHCP", so in fact you did not read his post properly indeed and you can dry your tears as there is no need to cry about flaming.

I went on to talk about my situation where I am using a combined ADSL wireless router, and posed the question about how this would be handled
Quote
but thought for my own setup I'd have...
So you're giving advice while you don't even know how to set your own situation up, nice!

The second point of my post is that asking someone to change their content filter just because they want to put in LMCE does not seem reasonable.  It also discourages people from using LMCE if it putting it in is an "all or nothing" situation.  Perhaps it would be more productive to talk about whether there is any way to address the networking and content  filter rather than just flaming me (again).  Other people seem to be able to talk about this normally and be helpful to both the original poster and me (thanks Colin!).
Have you done extensive marketing research on what encourages or discourages people from using LMCE?  No? I didn't think so either, so that is just your personal opinion (basicly a gift-wrapped turd).  And keep winging about flaming, you big girls blouse, and I'll show you what flaming really is.

It is not as if I have not been documenting what I have been doing and trying to assist other users.  I just happen to think that there are contradictions inherent in LMCE.
I'll reccomend you for a nice LMCE ribbon, maybe a medal even.

If you don't like some of my opinions, well that is your prerogative.  But every post from you is aggressive and a personal attack.  And not just to me. You have also edited my Wiki contributions to scare people off from using the information that both I and other people have used to make our LMCE systems work better (case in point, the entry on updating the kernel, which you wrote "would cause the system to become unstable", whereas following the procedures actually has made my system much more stable).

Cry me a fucking river you annoying twat.  And yes your precious wiki page will break the system (as irrelevant as dragging it into this discussion is), so excuse me for warning the people that think it is the official way to go.

"Change is inevitable. Progress is optional."
-- Anonymous