Joined: 12 Dec 2002
Location: Bristol, UK
|Posted: Fri Sep 12, 2003 5:37 pm Post subject: CensorNet 3.2 BETA Testers Wanted
We're doing an interim release (v3.2) prior to the all singing all dancing v4.0. We need some beta testers - please e-mail me (firstname.lastname@example.org) if you are willing to do some testing. You will need a spare machine because we aren't writing an upgrade patch/migrate script until 3.2 is out of beta.
Here's the changelog:
Changes from 3.1r6 to 3.2:
* Removed the DNS proxy server DNRD from CensorNet as it was causing problems, this means that clients (Workstations) will need their DNS settings updated if currently configured to use CensorNet as their DNS server.
* Removed emacs and replaced it with a much smaller (although somewhat simpler) editor called Jove, this was primarily to save space in the ISO as emacs took up almost 35MB, a Symlink has been created "emacs -> jove".
* Removed the "Blacklist Override" feature, i.e. passwords for specific blacklist entries, as it was badly implemented, and open for users to execute DOS attacks on the server. Sorry!
Added "setup" program features...
* Added the option to switch between "IP Router" and "Ethernet Bridge" mode. So, you can experiment, and no longer need a patch to turn CensorNet into a Bridge (transparent firewall).
* Added the option to disable NAT (IP Masquerading) on the public interface.
* Added "Port Pinholing" as well as Port Forwarding capability to the Firewall configuration dialog. This means that if you have CensorNet configured as a router, public and private interfaces are on different subnets, and NAT is disabled, you can open ports for specific services running on the private network.
* Added option to allow access to the Web Admin area from the public interface, this is only a good idea if you have an upstream firewall to block access to it from the Internet.
* Changed the behaviour of the Windows NT authentication configuration, you now specify the PDC and BDC using IP address, rather than NetBIOS hostname. This is because a few people have problems getting CensorNet to resolve the NetBIOS hostnames.
* Restructured the "Web Cache Configuration" dialog, added ability for users to specify a list of domains that CensorNet will allow unauthenticated (and unfiltered) access to. This is to get around problems with certain auto-update utilities, which do not support the proxy authentication protocol.
* Added the ability for users to specify the TCP port number that the filtering proxy listens on.
* Added a feature to force unfiltered access to the Web from specified source IP addresses. This allows the admin to setup a list of Workstations from which all web access will always be unfiltered.
Added "Web Front-end" functionality...
* Backup feature now adds a date stamp to the filename of the downloaded backup tarball.
* Added a "Moderator" user profile, which allows unfiltered access to the Web, but gives the user the ability to quickly review sites, and submit them for Blocking/Unblocking approval (i.e. Black/Whitelisting approval).
* Block/Unblock request approval reports in the "Site Filters" section allows admins to approve or decline requests from Moderator users (and unblock requests from normal users using a new form on the Access Denied page).
* Block/Unblock request email digest can be configured so that CensorNet automatically sends a list of all pending approvals to an email address.
* Updated to Kernel version 2.4.22, although this is still a modified Kernel.
* Added ACPI support in Kernel and through the user space demon "acpid" to facilitate for auto-shutdown on systems with a soft-power button and BIOS support for ACPI.
* Finally fixed the Bandwidth limiter! Yay! The Squid delay pools now use the X-Forwarded-For HTTP header to allocate the pools instead of the real source IP (which is always the local address from DansGuardian).
* A few typos, minor bugs and annoyances have also been addressed, e.g. MAC addresses can be given in hyphenated format as well as colon separated.