Hi, I am a teacher in the South of Spain, Malaga.
I am really interested in which is the best, or at least one of best, Server Distributions.
I have to install and manage a Server in the High School where I am working.
- I need to block the traffic on internet of the
students but not the teachers.
- I need to install several platforms such as;
- Moodle (for being used by the students and teachers)
- Joomla or Drupal or CMS Made Simple, I don't know
yet (for the web page of the High School)
- An Intranet, programmed in PHP and MySQL
(for being used by teachers)
- Also I would like to control, if it is possible,
programs like UltraSurf
- I heard something like ACL (Access Control List) to avoid the students visiting several webs.

And of course I would like that everything where easy to install, easy to use, easy to manage.
It is possible to have a graphic interface in one of those Server Distributions?

That's all, if someone could help me I will be very gratefull.
Kind regards.
Jose.

That sounds like a firewalling problem (although that makes assumptions about how you organise your network...), and any Linux distribution had the iptables firewalling system available to it. There are graphical front ends to iptables, but there is such a selection of them that each distribution has only a few of them by default (...but you can always install something that is not available by default).

Drupal and Joomla! will be available for everything, and, I would expect that the others would be too (but haven't checked).


I know what an intranet is, and I know what PHP and MySQL are, but I don't quite see the connection, or at least I don't quite see the connection that you want. Allowing the teachers to program in PHP and use MySQL databases would be easy enough, if that is what you mean. Preventing the students using things intended for teachers might be the bigger problem?

Don't know what ultrasurf is, presumably some windows program, offering some kind of access control. Does squid do what you need?

At the expense of stating the painfully obvious, Access Control Lists are Lists for Controlling Access. That is a phrase that can be used in more than one context (eg, with filesystems). Guessing again, squid may be able to do what you need (but, again, what can be done depends on how you structure your network).

It is possible to have a GUI for a server, but be aware that this does make security issues and resource issues more apparent. Something like webmin might be a useful middle way (but potentially brings its own problems...you must keep it up to date, if you use it. Given that this is quite easy, you would imagine that it always happens, but it seems that, more often than not, it doesn't.)

• Easy to install - yes everything (but that's not the same as saying that you know how to do it yet)
• Easy to install - yes everything (but that's not the same as saying that it is easy to configure for your system)
• Easy to use (the server) - yes, up to a point, but it is to a certain extent an issue of how you configure it
• Easy to manage - well, if you are comfortable with the command line, everything is more or less easy to manage, but webmin might be your way around this. But learning the command line is a better solution, really.

For many people the threat they will be most concerned about is the external threat coming from the internet. For your situation, depending on the age of the students, the type of students, the threat from inside your network is probably something you also need to worry about in almost equal measure.

Phew, that's a relief

(Note: if you can say, with certainty, if it is an IP in this range it is a student, and that IP range it is a teacher, the rest of your problems become somewhat easier. This may not be possible for you.)

1 members found this post helpful.

Just to add a suggestions to Salasi's comment about firewalling with Squid, have a look at Dansguardian, which I believe will do the trick for filtering the student browsing content.

Very good answers above, especially Salasi's break down.

I'd suggest a 'conservative' Long Term Supported system like RHEL or maybe Ubuntu LTS.
Note that for RHEL you have to pay a subscription, but it does include support via email and/or phone.
If you feel confident, you could use a free RHEL rebuild like Centos, but that doesn't include on-demand support.
RHEL/Centos does come with a GUI if required.

Given what you want to do, unless you are confident in managing from the cli, I'd recommend paid support (eg RHEL) or get someone who knows.
This is a non-trivial exercise and you will(!) have to secure it, especially against your own students (unless they are very young).

You may well have legal requirements also by the local education authority.

Conservative is always good for servers, but, in addition the things that makes what is suitable for, eg, a desktop-focussed distro inappropriate is that the support period will be too short. Provided that ensure that you get a long support (availability of security fixes) period, you'll almost automatically be getting a conservative distro.

And getting back to the question of the title (which doesn't seem to be the focus of the post, but never mind), you can compare distros at distrowatch, and get their information on all server distros. In this situation, there might also be a case for considering an appliance distro like Zentyal, SME Server, etc, but the distro (as usual) isn't the biggest question here. There is a lot of network structuring and design to be considered here, and whatever distro you choose, that part is still there.

If you want to take this further, you'll have to come up with more information about the environment and how you intend to proceed.

Hi there, I am back again. Sorry for not being able to say nothing in a couple of days but I have being very busy at my job. Bureaucracy is the worst but colleague are even worst, you know what I mean.

First of all I woul like to say thanks to you, salasi, (for being so extensive an eloquent in the answer) to Noway2, (about DansGuardian I have a few questions) and also chrism01 (who make me search for information about RHEL, now I know that is Red Hat, right?)

Secondly I want you to know that being Spaniard my English is not so good and I have to ask for sorry for attending to write in an English forum. It is something that I have felt when I read the answer of salasi. But I promise you that I will do my best everytime.
Also I want to let you know that, even being a computer's teacher my knowledge, about some issues, is far away from where you are.

Okey, know I will explain myself much better. I have 5 classrooms with about 30 student in each one of them. Also every classroom has a computer for the teacher and 30 ones for the students. If I want to allow some IPs to surf free (teachers) and others to be not allow to load some webs It is called a problem of Firewalling (as salasi said) and iptables could help, but it is so easy to set up? I mean, are there something else more visual? A webadmin interface where you can write down the IPs in a text box or indicate a range of them and decide if they can visite the URL or not. It is something you cannot find in SME-Server at least in the basic installation and I couldn't find any pluging or extention to do that.

Also I need to host the web of the High School and the E-learning platform Moodle. I know that Moodle doesn't have more problems but choosing, for building the web page, a right CMS is difficult but I think that CMS Made Simple could be a good easy option.
Intranet is a web platform to control all the staff around High School, it is something that I have already running in a SME-Server. It has been programmed in PHP and MySQL.

According to the program Ultrasurf, it is something that students use to avoid ACL in the Squid. It is a program that use port 80 to connect with a proxy, being able to surf through this one.

About the structure of the network, I think it is as follow;

Attached Thumbnails

 

This is a computer user site; one thing that you will find that we are big on is clarity. Provided that you can achieve clarity, which is mostly about clear thinking, then slight problems with English, we can overcome.

I don't want to answer for anyone else, but if you want to find out specific things about Dansguardian, you'll have to ask those questions. Personally, the only thing that I know of dansguardian is here, but others will know more.

Before you even start, you need to think that those 150 students are trying to get something that they should not have (access to the teacher's 'privileges', access to stuff that you would rather they did not have access to on the internet). There is no point in saying that they should not be doing this - they are schoolkids, and this is what (some) schoolkids do.

Appropriate measures and the extent to which you have to protect them from the internet will depend on the age of the kids.

From your diagram, it looks as if the network structure does nothing to help separate out the privileged workstations (teachers) from the non-privileged ones (ie, they don't go to a separate switch, or anything). Therefore, whatever structuring of access rights has to be done some other way, and you have to anticipate that there will be some attempt to 'game' the system, because that will allow the students to get access to the stuff that you are trying to stop them from accessing.

If I understand your meaning correctly, I don't see this as adequate. I think that you are saying that there will be a 'teacher's IP range' and a 'student's IP range' and if one of the students finds out (trial and error, shoulder surfing, or whatever) the teacher's IP range, then all of your security is bust. Whatever method they use, they will eventually break this security measure, if it the only measure that you have.

If there is some secure method of ensuring that only teachers get IPs from a certain range, then you could use the IP as the basis of your security. From that point, iptables/firewalling works, but basing your security on IPs, if the IPs themselves are not secure is asking for trouble, which you will eventually get.

As to firewalling itself, there is something more visual: in fact, there are quite a few, but I've never found one that actually appeals and so found it easier to learn iptables directly. In particular, with a box with multiple ethernet interfaces, I always found it difficult to be sure which interface I was working with, and this was not what I wanted,

It seems that everyone else's mileage varies. (Note, all the other things that are described as 'a firewall' really aren't; they are graphical front ends to the iptables system. So, a nice, pretty program that allows you to point and click on graphical elements and that produces a set of iptables rules for your situation. I suppose that there is a very good case for this kind of thing in a very straightforward situation, such as a home user might face, but, if you want ultimate control, you want to at least understand Iptables itself.)

As far as SME Server itself is concerned, it looks here to have a pretty easy to use interface. It is a little disturbing that, when you look at their wiki, many of the reviews/references are a little old, but that's not necessarily serious.