[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Lias] DET server address setup for schools



I've been meaning to post this page for some time - a must for anyone wanting to setup servers within their school, lists all the recommended addresses and ports  (the page is only visible from the schools WAN)

-------- Original Message --------
Subject: Schools - Proxy
Date: Sat, 30 Nov 2002 23:46:34 +1100
From: The Dorrell Kids <jammy54au@yahoo.com>
To: andrew.dorrell@cisra.canon.com.au


http://detwww.det.nsw.edu.au/internet/schools/
http://detwww.det.nsw.edu.au/internet/schools/sc-main.htm

Title: Schools - Proxy
 

Browser Configuration for School Clients

  • Browsers at schools must be configured with PAC files .

  • Browsers that cannot use PAC files should not be used.

  • The PAC file configuration for each school is:

  • http://pac.schools.nsw.edu.au/schools/<school_id>.pac (as from 15/10/1999)

  • Note: The old URL http://proxy.schools.nsw.edu.au/schools/<school_id>.pac is now obsolete and should be changed to the new URL.

  • The use of PAC files at schools with local proxies is also required.

RAS Users

  • Users using RAS into school pops should set the proxy settings for their dial up configuration to be
    http://pac.det.nsw.edu.au/det/itbproxy.pac

Proxy Servers at Schools

  • Schools with local proxy servers are required to set up the proxy server on this IP address:

  • 10.<School Specific>.<School Specific>.20

  • The proxy must be configured to chain up to proxyds.schools.nsw.edu.au on port 80.
    Set your proxy to answer client request on port 80.

  • The proxyds.schools.nsw.edu.au DNS entry should used in the configuration of your local proxy server. The use of an IP address is discouraged as the actual machine(s) that are referenced by this DNS entry may change without notice due to failures, maintenance etc.

  • When a proxy server is established at school ITB via the HelpDesk must be contacted so that the PAC files for the school can be modified to make them local proxy aware.

  • Do not change the proxy setting in your local clients to point to your proxy server. Leave the PAC file as is. When you advise the HelpDesk about the addition of your local proxy the PAC file for your school will be amended. The modified PAC file will direct requests to your proxy server. Should you suffer a failure of your proxy (or even need to maintain it) the PAC files will use the central proxy servers automatically.

Types of School (Local) Proxy Servers

To facilitate the most efficient creation of PAC files for school browsers the local proxies have been divided onto the following categories:

    1. All Requests - All browser requests are sent to the local proxy server.

    2. Not Local - All browser requests except for the local school 10 network to the local proxy.

    3. Internet Only - Only request destined for Internet sites are sent to the local proxy.


The selection of the above categories is at the schools discretion. Note there are restrictions on choice imposed by the type of local proxy selected.

The 'All Requests' and 'Not Local' selections can only be used with a proxy server that allows and has been configured to send requests to local school web servers and DET servers directly. That is requests for DET intranet servers are not passed to the central proxy servers.

Configuration of downstream SQUID proxy server for schools

The default configuration of squid proxy as a downstream proxy server causes it to try to go direct first then try to use ICP and finally use CERN to communicate to its parent. The result of this is EXTEMELY slow response for any external internet sites but excellent response from internal DET sites as these are accessible directly.
To overcome this problem you need to edit the squid.conf file in the following way.

Firstly, find the cache_peer tag and set it as follows:

cache_peer proxyds.schools.nsw.edu.au parent 80 3130 no-query no-digest

This will set the correct parent and proxy port and stop the use of ICP which is not supported in our network.

Secondly, find the never_direct tag and set it as follows:

#if you want to go direct for any domains setup an access control list like this
acl local-servers dstdomain .tafensw.edu.au .det.nsw.edu.au .schools.nsw.edu.au
#then specify an acl for everything else
acl all src 0.0.0.0/0.0.0.0

#this double negative makes the proxy go direct for the sites in this acl
never_direct deny local-servers
#this makes everything else go via the parent
never_direct allow all

Now restart squid and everthing should be working properly.

IP Address Allocation at Schools

Each school has been allocated a single C class address in the 10 network range.
This address range has been broken up into a number of section for administrative ease.

These sections are the same for each school, due to the large number of schools that need to be dealt with.

The address ranges are:

1 - 10 Reserved by ITB Networks Branch for Communications Devices.

11 - 30 Reserved for Servers

31 - 254 Client PC's/Mac's

In the 1 - 10 Communications Range the allocation of IP's are:

1 - WAN Router

2 - 10 - Reserved for ITB Allocation

In the 11 - 30 Server Range the allocation of IP's are suggested:

11 - Free for Schools Use

12 - Free for Schools Use

13 - Free for Schools Use

14 - Free for Schools Use

15 - Free for Schools Use

16 - OASIS Server 1

17 - OASIS Server 2

18 - Reserved for ITB Allocation

19 - Reserved for ITB Allocation

20 - Local Proxy Server

21 - Reserved for Local Mail Server

22 - Reserved for ITB (d) Allocation

23 - Reserved for ITB (d) Allocation

24 - Reserved for ITB Allocation

25 - Free for Schools Use

26 - Free for Schools Use

27 - Free for Schools Use

28 - School Web Server 3

29 - School Web Server 2

30 - School Web Server 1

Where there is no server used on the address (ie no local Mail server) this address is reserved and shall not be used for any other purpose.

Where a single server is used for more than 1 function is it should be allocated multiple IP address' and each service answer on the appropriate address.

Click here to test the download speed.

Diagnostics of School Problems

When a school implements a proxy server it is important to allow access from the ITB network to this device on the following ports:

  • Port 80 (or the port the proxy is running on)

  • ICMP (ping type functions)

If access is not permitted then diagnosis of problems involving your proxy cannot be done and extended service disruptions may occur.

School Firewalls

Where a school implements a firewall the access as specified above is still required for the same reason.

Schools Web Server

FTP Access
Schools may use FTP to upload their web site to the schools web server by connecting to ftp.schools.nsw.edu.au with their school user name (ie: ajuga-s)

For full directions on publishing school web sites go to
http://detwww.det.nsw.edu.au/webdev/learcent/welcome.htm


Ozemail Web Server
Schools may upload content to their OzEmail FTP accounts through two methods:

  1. Upload through the Netscape Browser Publish facility

  2. PUT files to the OzEmail service through any client you chose through direct FTP

With the direct FTP service you may perform most standard FTP functions with the exception of GETing files from the site.

Please note that this direct Client FTP service is only available to the OzEmail ftp server.

Last Updated: 6 February, 2002