Thread: Parental Controls : Automatix anyone ... please?
View Single Post
Old July 6th, 2006  
Appolusionist
Just Give Me the Beans!
 
Appolusionist's Avatar
 
Join Date: Feb 2005
Location: Wahiawa, HI
Beans: 72
Kubuntu 6.06
Send a message via AIM to Appolusionist Send a message via MSN to Appolusionist Send a message via Yahoo to Appolusionist
Re: Parental Controls : Automatix anyone ... please?
Quote:
Originally Posted by christmasisland
I followed his directions a few weeks ago and found problems. They are documented at the end of the page in the comment section. It turns out the directions are wrong and haven't been fixed yet.

Mike
I have TinyProxy/DansGuardian working correctly with Dapper. Let me back track the steps I took and give you my configuration. I have included the specific changes I made in the config files.

Install dansguardian, tinyproxy, and firehol

Code:
sudo apt-get install dansguardian tinyproxy firehol
Edit /etc/dansguardian/dansguardian.conf...

Code:
sudo nano -w /etc/dansguardian/dansguardian.conf
and leave everything at default. You will just need to comment out the UNCONFIGURED line

Code:
# Comment this line out once you have modified this file to suit your needs
#UNCONFIGURED
Next, you will need to edit the tinyproxy.conf

Code:
sudo nano -w /etc/tinyproxy/tinyproxy.conf
and make the following changes

Code:
##
## tinyproxy.conf -- tinyproxy daemon configuration file
##

#
# Name of the user the tinyproxy daemon should switch to after the port
# has been bound.
#
User nobody
Group nogroup

#
# Port to listen on.
#
#Port 8888
Port 3128
Now the last file to be edited is /etc/firehol/firehol.conf

Code:
sudo nano -w /etc/firehol/firehol.conf
and here is my entire firehol.conf file

Code:
#
# $Id: client-all.conf,v 1.2 2002/12/31 15:44:34 ktsaou Exp $
#
# This configuration file will allow all requests originating from the
# local machine to be send through all network interfaces.
#
# No requests are allowed to come from the network. The host will be
# completely stealthed! It will not respond to anything, and it will
# not be pingable, although it will be able to originate anything
# (even pings to other hosts).
#

version 5
iptables -t filter -I OUTPUT -d 127.0.0.1 -p tcp --dport 3128 -m owner ! --uid-owner dansguardian -j DROP
transparent_squid 8080 "nobody root"

# Accept all client traffic on any interface
interface any world
	policy drop
	protection strong
	client all accept
Then restart the services

Code:
sudo /etc/init.d/dansguardian restart
sudo /etc/init.d/tinyproxy restart
sudo /etc/init.d/firehol restart
You should now have a working internet filter without any changes being made to the proxy settings.
__________________
~~Rueshann: "Laziness is the mother of all F*UPS."
Blog :: Screenshot :: GnuPG Public Key
Appolusionist is offline   Reply With Quote