Goal: to create an internet gateway through which all my Windows clients gain access to the internet, with the following specifications:
1. The proxy should be transparent
2. Client machines should not be able to override Dansguardian by a manual proxy setting.
3. Should be able to add or remove exclusions from clients through a browser
6. Dansguardian module for Webmin
Please install in the above given sequence.
1. Apache: No configuration necessary
2. PHP: You might get an insufficient memory error. Don't worry: check the .ini file and change the memory to at least 24 MB (the default is around 16 MB).
3. Webmin: No configuration necessary
4. Squid: We need to make this transparent, and we should allow Squid to listen only on localhost, which stops manual override (i.e. users cannot enter the gateway IP and port 3128 and reach the internet without going through the Dansguardian content filter).
a. GOTO> /etc/squid/squid.conf
b. Search for: http_port 3128
c. Change it to: http_port 127.0.0.1:3128 transparent
f. Now Squid is transparent and listens only on localhost, not on any eth interface!
a. GOTO> /etc/dansguardian/dansguardian.conf
b. Search for: UNCONFIGURED
c. Comment it out by placing a # in front of this word
d. Change filterip = <the IP on which Dansguardian should listen for your clients> [this is the gateway IP that you give to your clients, either through DHCP or through manual configuration]
e. filterport can be left alone
f. Change proxyip = 127.0.0.1 [we have already configured Squid to be available only at this IP]
g. proxyport can be left alone unless you have configured Squid otherwise
i. Now when you set your clients' proxy to <gateway IP> and port 8080, you should not be able to access offensive sites.
7. Install this module in Webmin
A beautiful HOWTO by bmathis that actually laid out the foundation for the current HOWTO that you are reading (Thank you Bmathis!!)
Note: Type all the following commands in a root terminal, DO NOT use sudo.
1. Start by configuring the network card that interfaces to the other computers on your network:
# ifconfig ethX ip
where ethX is the network card and ip is your desired server ip address (Usually 192.168.0.1 is used)
2. Then configure the NAT as follows:
# iptables -t nat -A POSTROUTING -o ethX -j MASQUERADE
where ethX is the network card that the Internet is coming from
# echo 1 > /proc/sys/net/ipv4/ip_forward
3. Install dnsmasq and ipmasq using apt-get:
# apt-get install dnsmasq ipmasq
4. Restart dnsmasq:
# /etc/init.d/dnsmasq restart
5. Reconfigure ipmasq to start after networking has been started:
# dpkg-reconfigure ipmasq
6. Repeat steps 1 and 2.
7. Add the line "net.ipv4.ip_forward = 1" to /etc/sysctl.conf
# gedit /etc/sysctl.conf
8. Reboot. (Optional)
2. GOTO> Webmin > Linux firewall > NAT > add rule
a. Please make sure that you replace the given networks with your own!!
Now even without manually configuring your clients they should be able to get internet connectivity that is filtered through Dansguardian.
I made some mistakes that frustrated me beyond words, and am adding them here so that they can save you a load of frustration.
1. Please set your gateway and primary DNS server to the Linux box where Dansguardian runs
2. Please restart all applications after each configuration change
3. Please restart the Linux box after completion of all settings before commencing testing
4. Please see that in your browser the proxy setting is set to no proxy
5. Please see that your Ethernet card is configured properly
6. Please be relaxed, because “if it has to go wrong it will”
In my case I have a Windows 2003 server as AD with close to 200 clients. This server is named “mango”. I have a separate Linux box for serving internet; I call it “tango”.
Tango has 2 Ethernet cards, eth0 and eth1.
1. Eth0: is connected to a broadband router directly and carries an IP of 192.168.0.1
2. Eth1: is connected to the LAN switch with an IP of 10.0.0.2
3. Then I went the bmathis way
4. Then configured the applications
6. Then restarted everything in sequence
7. Then restarted the computer/system
8. Then repaired the clients' IP
9. Waited for some 15 minutes
It was only after this that I could get the client to surf the internet safely through a filter.
Thank you
Note: I am very sorry for not completing this HOWTO before; I am indebted to many people in this forum and the organization that hosts this forum. I had started in some places but failed miserably and could not complete them.
I request the forum admins to please delete my thread: http://ubuntuforums.org/showthread.php?t=638762
This thread I started, but could not finish.
Now that it’s finished you’re welcome to test this out.
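
The Squid and Dansguardian settings above that stop a manual proxy override can be checked mechanically after each configuration change. The script below is an added example, not part of the original HOWTO; the function names are hypothetical and the sample config files are constructed.

```shell
#!/bin/sh
# Added example (not from the original HOWTO): audit the settings that stop
# clients bypassing Dansguardian. Function names are hypothetical.

# Succeeds only if every active http_port line in squid.conf binds to 127.0.0.1.
squid_loopback_only() {
    ports=$(grep -E '^[[:space:]]*http_port[[:space:]]' "$1") || return 1
    printf '%s\n' "$ports" |
        awk '$2 !~ /^127\.0\.0\.1:[0-9]+$/ { bad = 1 } END { exit bad }'
}

# Prints the value of the last active "key = value" line in dansguardian.conf.
dg_value() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\([^#[:space:]]*\).*/\1/p" "$2" |
        tail -n 1
}

# Prints one line per finding; the exit status is the number of findings.
audit_gateway() {
    squid_conf=$1 dg_conf=$2 findings=0
    fail() { echo "FAIL: $1"; findings=$((findings + 1)); }
    squid_loopback_only "$squid_conf" ||
        fail "squid http_port reachable from the LAN, clients can bypass the filter"
    if grep -Eq '^[[:space:]]*UNCONFIGURED' "$dg_conf"; then
        fail "UNCONFIGURED is still active in $dg_conf"
    fi
    [ "$(dg_value proxyip "$dg_conf")" = "127.0.0.1" ] ||
        fail "proxyip does not point at the loopback-only squid"
    [ -n "$(dg_value filterip "$dg_conf")" ] ||
        fail "filterip is blank, Dansguardian listens on every interface"
    return "$findings"
}

# Constructed sample configs: a hardened pair and a default-like pair.
write_samples() {
    printf 'http_port 127.0.0.1:3128 transparent\n' > "$1/squid.good"
    printf '#UNCONFIGURED\nfilterip = 10.0.0.2\nfilterport = 8080\nproxyip = 127.0.0.1\nproxyport = 3128\n' > "$1/dg.good"
    printf 'http_port 3128\n' > "$1/squid.bad"
    printf 'UNCONFIGURED - Please remove this line after configuration\nfilterip =\nproxyip = 127.0.0.1\n' > "$1/dg.bad"
}

tmp=$(mktemp -d)
write_samples "$tmp"
audit_gateway "$tmp/squid.good" "$tmp/dg.good" && echo "hardened pair: OK"
audit_gateway "$tmp/squid.bad" "$tmp/dg.bad" || echo "default-like pair: $? finding(s)"
rm -rf "$tmp"
```

On the gateway itself, call `audit_gateway /etc/squid/squid.conf /etc/dansguardian/dansguardian.conf` instead of the sample files.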