Re: [K12OSN] CIPA and Squidguard
Ryan 'Gozar' Collins (me@ryancollins.org)
Thu, 03 Apr 2003 08:26:53 -0500
on 4/1/03 12:18 AM, Eric Harrison at eharrison@mail.mesd.k12.or.us said:
> On Mon, 31 Mar 2003, Ryan Collins wrote:
>> Mike Rambo said:
>>> All this to say that an explicit warning against using ipchains may help
>>> out someone else who is tempted to do what we did out of convenience.
>> Can I ask what issues you were having? We've been using ipchains to
>> transparently proxy our network for 2 1/2 years now and haven't had a
>> problem (~600 machines, around half active on the net at a time).
>>
> Are you using a 2.2.x kernel?
>
> ipchains is the native firewall in the 2.2.x kernels.
>
> iptables is the native firewall in the 2.4.x kernels.
>
> The 2.4.x kernels also have an ipchains emulation mode that more-or-less
> maps the ipchains behavoir ontop of iptables. This emulation mode is
> less efficient than ipchains in the 2.2.x kernels. Depending on what
> you are doing, this can really kill performance.
Ok, that's why its working for me. My squid box is a RH7.0 box with a 2.2.x
kernel.
--
Ryan Collins Kenton City Schools Technology Coordinator
collinsr@kenton.k12.oh.us http://www.kenton.k12.oh.us/
Help Desk- http://www.kenton.k12.oh.us/helpdesk/
"When will the public cease to insult the teacher's calling with empty
flattery? When will men who would never for a moment encourage their own
sons to enter the work of the public schools cease to tell us that education
is the greatest and noblest of all human callings?"
-William C. Bagley
_______________________________________________
K12OSN mailing list
K12OSN@redhat.com
https://listman.redhat.com/mailman/listinfo/k12osn
For more info see