SRear
December 1st, 2012, 11:21 AM
Hi, I am a newcomer to Ubuntu and, after successfully installing Ubuntu 12.10, thought I'd install a web filter to protect the kids while browsing online. I have followed https://help.ubuntu.com/community/DansGuardian to install DansGuardian and Squid. I have also configured Group Filtering (using OIDent), as per http://contentfilter.futuragts.com/wiki/doku.php?id=group_configuration&DokuWiki=bc19f9a82ae58549a21b977d5b877871. As long as the browser has the proxy set correctly, everything works as expected (after a day's work!).
The problem is that Synaptic can't update packages with this configuration (even when I set its http and ftp proxy settings). I am presented with multiple "Failed to fetch… Connection failed…." error messages.
I suspect this might be an IPTables config problem, but I am not familiar with configuring this and suspect it will take a great deal of time to become familiar with it! After much googling I have found that adding the following to my IPTables config will allow Synaptic to work; however, this also allows unfiltered access when the browser proxy settings are removed:
-P INPUT DROP
-A INPUT -i ! eth1 -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
Has anybody out there configured DansGuardian, Squid & Group Filtering allowing Synaptic to function while also preventing filtering bypass? If so, can they please point me in the right direction? I have included my IPTables config below. Thanks for your help in advance!
# Generated by iptables-save v1.4.12 on Sat Nov 17 16:31:37 2012
*nat
:PREROUTING ACCEPT [1:229]
:INPUT ACCEPT [1:229]
:OUTPUT ACCEPT [6:376]
:POSTROUTING ACCEPT [248:14896]
#-P INPUT DROP
#-A INPUT -i ! eth1 -j ACCEPT
#-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -p tcp --dport 80 -m owner --uid-owner proxy -j ACCEPT
-A OUTPUT -p tcp --dport 3128 -m owner --uid-owner proxy -j ACCEPT
-A OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports 8080
-A OUTPUT -p tcp --dport 3128 -j REDIRECT --to-ports 8080
COMMIT
# Completed on Sat Nov 17 16:31:37 2012
Regards,
Simon
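
A small model of how the posted nat OUTPUT rules are evaluated (an added example, not part of the original post): it applies iptables' first-match semantics to show which local users' connections are accepted untouched, redirected to port 8080, or fall through to the chain policy. The user names `root` and `kid` are assumed sample accounts, and only the options that appear in the posted rules are parsed.

```python
import shlex

# The nat-table OUTPUT rules exactly as posted above.
POSTED_RULES = """\
-A OUTPUT -p tcp --dport 80 -m owner --uid-owner proxy -j ACCEPT
-A OUTPUT -p tcp --dport 3128 -m owner --uid-owner proxy -j ACCEPT
-A OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports 8080
-A OUTPUT -p tcp --dport 3128 -j REDIRECT --to-ports 8080
"""

def parse_rules(text, chain="OUTPUT"):
    """Parse iptables-save '-A' lines for one chain into option dicts."""
    rules = []
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)  # '#' lines become empty
        if tok[:2] != ["-A", chain]:
            continue
        opts, it = {}, iter(tok[2:])
        for flag in it:
            if flag == "-m":      # skip the match-module name (e.g. owner)
                next(it)
                continue
            opts[flag] = next(it)  # every other flag here takes one value
        rules.append(opts)
    return rules

def verdict(rules, user, dport, proto="tcp", policy="ACCEPT"):
    """Target of the first rule matching a locally generated packet."""
    for r in rules:
        if r.get("-p", proto) != proto:
            continue
        if "--dport" in r and int(r["--dport"]) != dport:
            continue
        if "--uid-owner" in r and r["--uid-owner"] != user:
            continue
        if r["-j"] == "REDIRECT":
            return "REDIRECT:" + r["--to-ports"]
        return r["-j"]
    return "POLICY:" + policy      # no rule matched: chain policy applies

if __name__ == "__main__":
    rules = parse_rules(POSTED_RULES)
    # Constructed sample connections: (socket owner, destination port)
    for user, port in [("proxy", 80), ("root", 80), ("root", 3128),
                       ("kid", 80), ("kid", 443), ("root", 8080)]:
        print(f"{user:>5} -> tcp/{port:<5} {verdict(rules, user, port)}")
```

Connections owned by `root`, which is the account Synaptic's downloads run under, are redirected to port 8080 like any other user's, while a destination port such as 443 matches no rule and falls through to the chain policy.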