Dansguardian does an outstanding job of web content filtering to protect from rubbish on the internet. This howto is a synthesis of information taken from:
http://www.pilpi.net/journal/item-985.php
** Edit ** 25th November 2009 Please see final pages of this thread (Pages 13-14) for adaptions/updates to this howto for Ubuntu 9.10 (Karmic) and in particular issues with Karmic version of Dansguardian. Also a deb that is available to automate much of this.
Setting up Dansguardian using Tinyproxy and Firehol on Ubuntu/Edubuntu
1. Ensure "universe repository" is activated and install packages:
sudo apt-get update
sudo apt-get install dansguardian tinyproxy firehol
Note: will probably need to reinstall dansguardian to overcome clamav config errors.
2. Edit: sudo gedit /etc/dansguardian/dansguardian.conf
a) Add comment (#) to:
#UNCONFIGURED
b) Turn off virus checking (if not wanted):
virusscan=off
c) Check that the following are set:
filterport = 8080
proxyip = 127.0.0.1
proxyport = 3128
d) Save & exit.
e) Run:
sudo dpkg-reconfigure dansguardian
3. Edit: sudo gedit /etc/firehol/firehol.conf
Add all of the following at the start of the document:
iptables -t filter -I OUTPUT -d 127.0.0.1 -p tcp --dport 3128 -m owner ! --uid-owner dansguardian -j DROP
transparent_squid 8080 "root root"
interface any world
policy drop
protection strong
client all accept
server cups accept
#server webcache accept
Note: will need to remove "interface any world . . ." further on in the document.
Note: uncomment "server webcache accept" if this dansguardian system is going to filter others on a network BUT do not then connect directly to the internet as this is opening it wide open for anyone to access!
4. Edit: sudo gedit /etc/default/firehol
START_FIREHOL=YES
This is to allow restarting of the firewall.
5. Edit sudo gedit /etc/tinyproxy/tinyproxy.conf
Change/add the following lines (by scrolling through the document):
User root
Group root
Port 3128
ViaProxyName "tinyproxy"
6. Restart each program:
sudo /etc/init.d/tinyproxy restart
sudo /etc/init.d/firehol restart
sudo /etc/init.d/dansguardian restart
7. Dansguardian should now be operational blocking objectional sites using any browser!
** EDITED INFORMATION ** I have edited this to include the use of these instructions for not only a single desktop but also for other systems (including Windows boxes) to point to such a configured box on a network and be filtered. This requires the addition of the last line in firehol.conf as above "server webcache accept".
The other systems must have their proxy settings set in the browser to point to the ip address of the dansguardian system and port 8080.
In Firefox:
Edit -> Preferences -> General -> Connection Settings -> Manual proxy configuration
Check manual proxy configuration and add “your DG box ip address” in first box and “8080” in second
Then tick “Use this proxy server for all protocols”
These settings can be locked, instructions are available below to do this:
Modify the file sudo gedit /usr/lib/firefox/firefox.cfg (sudo gedit /usr/share/doc/firefox-3.5/firefox.cfg) - for Firefox 3.5
by adding the following:
lockPref("network.proxy.http", "127.0.0.1");
lockPref("network.proxy.http_port", 8080);
lockPref("network.proxy.type", 1);
lockPref("network.proxy.no_proxies_on", "localhost, 127.0.0.1");
PLEASE NOTE: The dansguardian system that is doing the filtering on your network using this configuration CANNOT be connected directly to the internet - very important!!
Bookmarks