Browser
Configuration for School Clients
-
Browsers
at schools must be configured with PAC files .
-
Browsers
that cannot use PAC files should not be used.
-
The
PAC file configuration for each school is:
http://pac.schools.nsw.edu.au/schools/<school_id>.pac
(as from 15/10/1999)
-
Note:
The old URL http://proxy.schools.nsw.edu.au/schools/<school_id>.pac
is now obsolete
and should be changed to the new URL.
- The
use of PAC files at schools with local proxies is
also required.
RAS
Users
- Users
using RAS into school pops should set the proxy
settings for their dial up configuration to
be
http://pac.det.nsw.edu.au/det/itbproxy.pac
Proxy
Servers at Schools
-
Schools
with local proxy servers are required to set up
the proxy server on this IP address:
10.<School
Specific>.<School Specific>.20
-
The
proxy must be configured to chain up to proxyds.schools.nsw.edu.au
on port 80.
Set your proxy to answer client request on port
80.
-
The
proxyds.schools.nsw.edu.au DNS entry should used
in the configuration of your local proxy server.
The use of an IP address is discouraged as the actual
machine(s) that are referenced by this DNS entry
may change without notice due to failures, maintenance
etc.
-
When
a proxy server is established at school ITB via
the HelpDesk must be contacted so that the PAC files
for the school can be modified to make them local
proxy aware.
-
Do
not change the proxy setting in your local clients
to point to your proxy server. Leave the PAC file
as is. When you advise the HelpDesk about the addition
of your local proxy the PAC file for your school
will be amended. The modified PAC file will direct
requests to your proxy server. Should you suffer
a failure of your proxy (or even need to maintain
it) the PAC files will use the central proxy servers
automatically.
Types
of School (Local) Proxy Servers
To
facilitate the most efficient creation of PAC files
for school browsers the local proxies have been divided
onto the following categories:
-
All
Requests - All browser requests are sent to
the local proxy server.
-
Not
Local - All browser requests except for the
local school 10 network to the local proxy.
-
Internet
Only - Only request destined for Internet
sites are sent to the local proxy.
The selection of the above categories is at the schools
discretion. Note there are restrictions on choice imposed
by the type of local proxy selected.
The
'All Requests' and 'Not Local' selections can only be
used with a proxy server that allows and has been configured
to send requests to local school web servers and DET
servers directly. That is requests for DET intranet
servers are not passed to the central proxy servers.
Configuration
of downstream SQUID proxy server for schools
The
default configuration of squid proxy as a downstream
proxy server causes it to try to go direct first then
try to use ICP and finally use CERN to communicate to
its parent. The result of this is EXTEMELY slow response
for any external internet sites but excellent response
from internal DET sites as these are accessible directly.
To overcome this problem you need to edit the squid.conf
file in the following way.
Firstly,
find the cache_peer tag and set it as follows:
cache_peer
proxyds.schools.nsw.edu.au parent 80 3130 no-query
no-digest
This
will set the correct parent and proxy port and stop
the use of ICP which is not supported in our network.
Secondly,
find the never_direct tag and set it as follows:
#if
you want to go direct for any domains setup an access
control list like this
acl local-servers dstdomain .tafensw.edu.au .det.nsw.edu.au
.schools.nsw.edu.au
#then specify an acl for everything else
acl all src 0.0.0.0/0.0.0.0
#this
double negative makes the proxy go direct for the
sites in this acl
never_direct deny local-servers
#this makes everything else go via the parent
never_direct allow all
Now
restart squid and everthing should be working properly.
IP
Address Allocation at Schools
Each
school has been allocated a single C class address in
the 10 network range.
This address range has been broken up into a number
of section for administrative ease.
These
sections are the same for each school, due to the large
number of schools that need to be dealt with.
The
address ranges are:
1
- 10 Reserved by ITB Networks Branch for Communications
Devices.
11
- 30 Reserved for Servers
31
- 254 Client PC's/Mac's
In
the 1 - 10 Communications Range the allocation of
IP's are:
1
- WAN Router
2
- 10 - Reserved for ITB Allocation
In
the 11 - 30 Server Range the allocation of IP's
are suggested:
11
- Free for Schools Use
12
- Free for Schools Use
13
- Free for Schools Use
14
- Free for Schools Use
15
- Free for Schools Use
16
- OASIS Server 1
17
- OASIS Server 2
18
- Reserved for ITB Allocation
19
- Reserved for ITB Allocation
20
- Local Proxy Server
21
- Reserved for Local Mail Server
22
- Reserved for ITB (d) Allocation
23
- Reserved for ITB (d) Allocation
24
- Reserved for ITB Allocation
25
- Free for Schools Use
26
- Free for Schools Use
27
- Free for Schools Use
28
- School Web Server 3
29
- School Web Server 2
30
- School Web Server 1
Where
there is no server used on the address (ie no local
Mail server) this address is reserved and shall not
be used for any other purpose.
Where
a single server is used for more than 1 function is
it should be allocated multiple IP address' and each
service answer on the appropriate address.
Click
here to test the download speed.
Diagnostics
of School Problems
When
a school implements a proxy server it is important to
allow access from the ITB network to this device on
the following ports:
If
access is not permitted then diagnosis of problems involving
your proxy cannot be done and extended service disruptions
may occur.
School
Firewalls
Where
a school implements a firewall the access as specified
above is still required for the same reason.
Schools
Web Server
FTP
Access
Schools may use FTP to upload their web site to the schools
web server by connecting to ftp.schools.nsw.edu.au
with their school user name (ie: ajuga-s)
For
full directions on publishing school web sites go to
http://detwww.det.nsw.edu.au/webdev/learcent/welcome.htm
Ozemail Web Server
Schools may upload content to their OzEmail FTP accounts
through two methods:
- Upload
through the Netscape Browser Publish facility
- PUT
files to the OzEmail service through any client you
chose through direct FTP
With
the direct FTP service you may perform most standard
FTP functions with the exception of GETing files from
the site.
Please
note that this direct Client FTP service is only available
to the OzEmail ftp server.
|