I support a small parochial school (as a parent technology volunteer) which currently has two SME servers operating in gateway/server mode. One server has all the teacher staff accounts on a VLAN and the other server has all the student accounts on another VLAN.
These two VLANs connect to a third default VLAN to get to the public internet. On the default VLAN I am running Smoothwall Express 2.0 as our Linux internet firewall and internet content filtering software.
This is my problem, which I haven’t found a solution to yet:
The SME server operating in server/gateway mode is running a firewall which is preventing my internet firewall from receiving “ident” user information and “actual” IP addressing from my WinXP network clients. In my Dansguardian log files I can’t seem to get the user id of the student nor the actual client IP of the system they were logged into when a web page is denied. All I get is the “gateway” masqueraded IP from the SME server, which doesn’t tell me which client system they were logged onto.
Is it possible to easily shut down the SME Server firewall and run the server/gateway as a simple Linux router between the two VLANs, so that the actual IP of the network client (not the server masqueraded IP) is passed through the SME server and shows up in the Dansguardian log files?
Any assistance would be appreciated. I don’t need detailed instructions, just someone to tell me if this is easily achieved and to summarize what it would take to achieve it. As with any customization, I know I may jeopardize the ability of the SME server to seamlessly update to new releases or security updates.
We’ve been using SME Server since version 5, and I’ve tried stopping the masquerading process; however, this seems to kill all routing between the two VLANs and not just shut down the SME firewall.