Tech Forum

That is why we need some sort of a mechanism so that if a member, especially when doing family history work at a Church location, normally an FHC but that is now all changing thanks to what everyone involved in gathering and posting family history and genealogical data and putting that online, is doing on a daily basis, comes across something that is for some reason blocked because it is on an aggregator site that has diverse content. This is already the case with Yahoo Groups because some of the best-known genealogy lists use that service as their platform, along with mailing lists on any subject whatsoever.

And also, what if a member even off-network, finds out about something, even inadvertently or just spots a problem site advertising like the ones I mentioned, that SHOULD be blocked? Like the scam sites I mentioned. Where can a member email those URLs to or where might an online submission form be located. Right now I use K9, so if I ever were to get a tablet and take it with me, I would be more protected against these scam sites whether directly or indirectly, than I do under current filtering solutions we've had since we gave up Cerberian which is now Blue Coat or K9.

Tempted to start a new thread, this is getting a bit long ...

As you probably all saw a everything was finally supposed to be locked down last Monday. On Friday I went around to check and apparently they hadn't done it yet. But is this a router-by-router change or a global change? Here's what I found:

The routers had been configured to use the new DNS servers, but filtering wasn't working. The routers were initially set with the 35 address as the primary DNS and the 34 as secondary. The GSC reversed that and filtering is working fine now. But any traffic going through our non-standard wireless access point routers could access the internet without any filtering.

However, today none of the traffic could get through the WAPs in one building. Is that a sign that the changes were made? Surprised that it would have been changed in the period since late Friday afternoon. They are still working "fine" in another building.

Unfortunately I don't have any access to these devices. I've been on our FM's case for a long time to fix this but it hasn't happened yet. I unplugged the ones in the building that weren't working, but it has fair coverage from the 881.

It was a bit of a pain to test the filtering. I had to clear my cache between every attempt. (It was easy with IE, but I still need to figure out how to clear it properly in Firefox.) And is there some software that lets you pick which access point you are connecting to?

craiggsmith wrote:any traffic going through our non-standard wireless access point routers could access the internet without any filtering.

How are those routers set up? Are they getting their IP (and DNS settings) from the 881, or has the DNS been statically programmed into them?

Since you indicated that the filtering wasn't working until the DNS in the 881 was updated, the non-standard WAPs could still be working with cached copies of the old settings.

craiggsmith wrote:However, today none of the traffic could get through the WAPs in one building. Is that a sign that the changes were made?

Assuming non-standard WAPs, that seems likely.

russellhltn wrote:How are those routers set up? Are they getting their IP (and DNS settings) from the 881, or has the DNS been statically programmed into them?

I'm not sure how they're set up as I can't log in to them. The DNS address it shows I'm using is the same as the gateway address, the router itself, which is certainly not the actual DNS. I did an nslookup, but now I can't remember what it said; I think it still gave the router address with no server name.

russellhltn wrote:Since you indicated that the filtering wasn't working until the DNS in the 881 was updated, the non-standard WAPs could still be working with cached copies of the old settings.

Good point. I did reboot the routers though with no effect, so I don't think that's the case. But I'll try again.

craiggsmith wrote:I'm not sure how they're set up as I can't log in to them.

Well, someone is going to have to assert authority over them. Usually they have a recessed "reset" switch that will return them to factory default.

Facilities installed them and has access to them. Unfortunately I haven't been able to find any documentation online about them.

craiggsmith wrote:Facilities installed them and has access to them. Unfortunately I haven't been able to find any documentation online about them.

If FM is going to take that role, then someone is going to have to prod them to catch up with things.

We've been trying. In the mean time I've been trying to figure out exactly what's going on so I can tell them what needs to be done. Last week I started to email them saying that the wireless would stop working completely but then found that it still was (except for filtering etc). I did find that the router we have for the stake pres subnet is OK as it's set for DNS pass-through. Ideally I want them to just put in 1041's but that's not likely to happen until next year.

I found out that last Monday was the date the lockdown was starting, not completing, so I guess it is happening now.

It does take some time for things to propagate, even if they said a specific range of locations or a specific range of devices would be affected, so that could be one explanation of why some devices are over to the new setup and not others.