Page 1 of 4 123 ... LastLast
Results 1 to 10 of 152

Thread: HOWTO: Install Dansguardian on a single desktop

Hybrid View

  1. #1
    Join Date
    Jun 2006
    Beans
    70

    HOWTO: Install Dansguardian on a single desktop AND for a network

    Dansguardian does an outstanding job of web content filtering to protect from rubbish on the internet. This howto is a synthesis of information taken from:
    http://www.pilpi.net/journal/item-985.php

    ** Edit ** 25th November 2009 Please see final pages of this thread (Pages 13-14) for adaptions/updates to this howto for Ubuntu 9.10 (Karmic) and in particular issues with Karmic version of Dansguardian. Also a deb that is available to automate much of this.

    Setting up Dansguardian using Tinyproxy and Firehol on Ubuntu/Edubuntu

    1. Ensure "universe repository" is activated and install packages:
    sudo apt-get update
    sudo apt-get install dansguardian tinyproxy firehol


    Note: will probably need to reinstall dansguardian to overcome clamav config errors.

    2. Edit: sudo gedit /etc/dansguardian/dansguardian.conf

    a) Add comment (#) to:
    #UNCONFIGURED

    b) Turn off virus checking (if not wanted):
    virusscan=off

    c) Check that the following are set:
    filterport = 8080
    proxyip = 127.0.0.1
    proxyport = 3128


    d) Save & exit.

    e) Run:
    sudo dpkg-reconfigure dansguardian

    3. Edit: sudo gedit /etc/firehol/firehol.conf

    Add all of the following at the start of the document:

    iptables -t filter -I OUTPUT -d 127.0.0.1 -p tcp --dport 3128 -m owner ! --uid-owner dansguardian -j DROP

    transparent_squid 8080 "root root"

    interface any world
    policy drop
    protection strong
    client all accept
    server cups accept
    #server webcache accept


    Note: will need to remove "interface any world . . ." further on in the document.
    Note: uncomment "server webcache accept" if this dansguardian system is going to filter others on a network BUT do not then connect directly to the internet as this is opening it wide open for anyone to access!

    4. Edit: sudo gedit /etc/default/firehol

    START_FIREHOL=YES

    This is to allow restarting of the firewall.

    5. Edit sudo gedit /etc/tinyproxy/tinyproxy.conf

    Change/add the following lines (by scrolling through the document):
    User root
    Group root
    Port 3128
    ViaProxyName "tinyproxy"


    6. Restart each program:

    sudo /etc/init.d/tinyproxy restart
    sudo /etc/init.d/firehol restart
    sudo /etc/init.d/dansguardian restart


    7. Dansguardian should now be operational blocking objectional sites using any browser!

    ** EDITED INFORMATION ** I have edited this to include the use of these instructions for not only a single desktop but also for other systems (including Windows boxes) to point to such a configured box on a network and be filtered. This requires the addition of the last line in firehol.conf as above "server webcache accept".

    The other systems must have their proxy settings set in the browser to point to the ip address of the dansguardian system and port 8080.

    In Firefox:
    Edit -> Preferences -> General -> Connection Settings -> Manual proxy configuration

    Check manual proxy configuration and add “your DG box ip address” in first box and “8080” in second
    Then tick “Use this proxy server for all protocols”

    These settings can be locked, instructions are available below to do this:

    Modify the file sudo gedit /usr/lib/firefox/firefox.cfg (sudo gedit /usr/share/doc/firefox-3.5/firefox.cfg) - for Firefox 3.5

    by adding the following:

    lockPref("network.proxy.http", "127.0.0.1");
    lockPref("network.proxy.http_port", 8080);
    lockPref("network.proxy.type", 1);
    lockPref("network.proxy.no_proxies_on", "localhost, 127.0.0.1");

    PLEASE NOTE: The dansguardian system that is doing the filtering on your network using this configuration CANNOT be connected directly to the internet - very important!!
    Last edited by tonhou; November 24th, 2009 at 11:28 PM. Reason: Change in Dansguardian

  2. #2
    Join Date
    Feb 2006
    Location
    Kansas City, MO
    Beans
    1,106
    Distro
    Ubuntu

    Re: HOWTO: Install Dansguardian on a single desktop

    wow!! thanks for that howto!! i've been looking everywhere for that kinda thing!! you don't even need to configure the browser with the proxy or anything?

  3. #3
    Join Date
    Jul 2006
    Beans
    250
    Distro
    Ubuntu 6.10 Edgy

    Unhappy Re: HOWTO: Install Dansguardian on a single desktop

    just one problem when i follow this guide my browser can't connect but things like gaim and my email programme can connect??? anyone able to help m,e?

  4. #4
    Join Date
    Jan 2005
    Location
    Mount Morris, Michigan
    Beans
    176

    Re: HOWTO: Install Dansguardian on a single desktop

    I am having the same problem, it seems to block everything

  5. #5
    Join Date
    Jun 2006
    Beans
    70

    Re: HOWTO: Install Dansguardian on a single desktop

    Sorry that it is not working for you guys! I'm afraid I don't really know what the issues are. It has worked for me on around 6 systems that I have set up. I have also done other enhancements - added lines to dansguardian configuration to block undesirable image searches and also locked firefox browser settings to stop use of secure proxy sites.

    Could you check that each of the three programs are running. In a terminal:

    ps auxf

    Also you may like to look at this post where there is a similar approach with some different configuration:

    http://ubuntuforums.org/showpost.php...7&postcount=21

    --Tony

  6. #6
    Join Date
    Jan 2005
    Location
    Mount Morris, Michigan
    Beans
    176

    Re: HOWTO: Install Dansguardian on a single desktop

    I am sorry, it is actually working VERY well and now I just have to tinker with the filters.
    Thenk you for the HowTo, I have been looking for someting like this for months!

  7. #7
    Join Date
    Sep 2006
    Beans
    8

    Re: HOWTO: Install Dansguardian on a single desktop

    I am admitting that I am not using Ubuntu, but I am desperate. This posting is about the only one I have found regarding this topic. I am using a 2.6.17.11-shl-up-1 Kanotix kernel KDE 3.5.4 GUI. I am conected through a hub to a M$ box which is connected to a printer. I can get firehol working fine on its own, but as soon as I try to get tinyproxy and dansguardian running, all I get is DansGuardian: Error connecting to parent proxy. I read somewhere that you could run dpkg-reconfigure and it could do some of the work for you and I get chown: `dansguardian.dansguardian': invalid user. I figure it has to do with firehol, but I have no idea where I am going wrong, and the firehol site just tells you to read the readme file, which is fine if you know what you are doing and doing an advance setup, but all I want is for the internet connection, dansguardian, tinyproxy cups and samba to work. Is it at all possible to give me some aid? This is a grep of my firehol setup:
    version 5
    iptables -t filter -I OUTPUT -d 127.0.0.1 -p tcp --dport 3128 -m owner ! --uid-owner dansguardian -j DROP
    transparent_squid 8080 "proxy root"
    interface any world
    policy drop
    protection strong
    client all accept
    server cups accept
    #From here on is what I needed to get firehol to work without tinyproxy and dansguardian. I hope this helps with solving what I need. I do understand that this section cannot remain the same.
    interface eth0 lan src "192.168.7.0/24" dst 192.168.7.151
    policy drop
    server ICMP accept
    server cups accept
    server dns accept
    server microsoft_ds accept
    server ntp accept
    server samba accept
    server ssh accept
    client all accept
    interface eth0 internet src not "${UNROUTABLE_IPS} 192.168.7.0/24" dst 192.168.7.151
    policy drop
    protection strong
    server ICMP accept
    server cups accept
    server dns accept
    server microsoft_ds accept
    server ntp accept
    server samba accept
    server ssh accept
    client all accept
    Last edited by LRC; September 4th, 2006 at 06:47 PM.

  8. #8
    Join Date
    Jun 2006
    Beans
    70

    Re: HOWTO: Install Dansguardian on a single desktop

    OK I have updated the first post with instructions on how to use with other networked systems.

    --Tony

  9. #9
    Join Date
    Oct 2004
    Location
    /dev/null
    Beans
    Hidden!

    Re: HOWTO: Install Dansguardian on a single desktop

    tonhou,

    Nice howto, thank you!

    You may wish to point out for those unfamiliar with the inner workings of Firefox, myself included, that the firefox.cfg file mentioned is an encoded file which Firefox can use to implement systems wide configuration variables. This file must be encoded, however, for Firefox to use it.

    For additional information, see:

    http://togami.com/%7Ewarren/guides/mozlockdown/
    http://archives.seul.org/seul/edu/Ja.../msg00049.html
    http://alain.knaff.lu/howto/MozillaC...on/locked.html

    Thanks again.

  10. #10
    Join Date
    Jun 2006
    Beans
    70

    Re: HOWTO: Install Dansguardian on a single desktop

    Thanks for the kind comments.

    When I first began looking at locking the prefs I read up about such things but found the Ubuntu Firefox cfg is not encoded - by default it has an entry to disallow upgrading, presumably so it can only happen through the official repositories - but no it is not encoded, at least not in Dapper.

    --Tony

Page 1 of 4 123 ... LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •