Hi david_kt, thanks for the quick answer, I just allowed my Server's MAC to pass in the network. By using this, I can now filter the network. Thanks a lot my friend!
It's OK, everything we know will become obsolete at some time.
Assuming eth1 is connected to the LAN and eth0 is connected to the internet, try this on the server:
Code:
sudo iptables -I INPUT -i eth1 -m mac --mac-source xx:xx:xx:xx:xx:xx -j ACCEPT
sudo iptables -I FORWARD -i eth1 -m mac --mac-source xx:xx:xx:xx:xx:xx -o eth0 -j ACCEPT
I do not know whether or not it is working as I have not tried it before. If it is not working, you may need to add MASQUERADE.
DK
Setup/Situation/Question/Configuration:
Setup:
For now, Ubuntu 9.04 - I would love to use 9.10 but it appears that UbuntuCE is the only distro that has all of Dansguardian ready to roll (I don't mind the webmin/Dansguardian plugin but I like the CE interface...efficient, simple). Currently my experience with Ubuntu 9.10 for my configuration is that it has issues with the /etc/gdm/PostLogin/Default.sample file and I am not getting any responses as to why. I was getting error messages because the file starts !#/bin/sh so I retyped it to !#/bin/bash, saved it, reran it, just for it to not kick an error message back...but, why? It still isn't working. FYI: My profiles default to /bin/bash. Anyway, I'm trying. So here it goes...
Situation:
I have a couple of branches that use a community available wireless and I need to implement Dansguardian for their protection.
We are under development (at our library) to implement Ubuntu for our Public Internet. We need to offer levels of security to our Patrons. Aside: For our currently in use Ubuntu PCs we are using wireless (through a Bluesocket controller) and I have been pushing these PCs through our squid proxy for filtering. All is good in this world.
Question:
How can I get Dansguardian to function in this environment?
With the need to use separate profiles (see 1. Create multiple user profiles), how can I get Dansguardian to work for each profile?
I use timekpr to maintain time limits (set to the top of the hour) so that when the profiles are used/logged into there is only access for that time granted, then it is locked. The following day, with a new login and a copy of the base profile to replace the previous day's profile, any and all profile data is wiped, completely.
Here is my configuration for 9.04:
1. Create multiple user profiles.
I setup 1 profile as per our user needs that will serve as the base profile (found in /home ) for all the other profiles logging into 1 particular PC (we do have many Public PCs). I do this by being root and: cp -r someprofile base.
Then:
2. From /etc/gdm/PostLogin.
I recreate the Default file from the Default.sample file. Then I add the scripting and as root run the script from the prompt $./Default
For anyone that would like this script here it is.
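#Script for resetting home directory
# The [[ ]] test is a bash feature, so this file must be run by bash, not plain sh
if [[ "$LOGNAME" == lnxlib* ]] ; then
    # Variables are quoted; ${HOME:?} aborts the script if HOME is empty or unset
    rm -rf -- "${HOME:?}"
    cp -a /home/base "$HOME"
    chown -R "$LOGNAME:$LOGNAME" "$HOME"
    exit 0
else
    exit 0
fi
This allows a profile to be cleanly reloaded the next day without any trace of files created, websites visited, etc., from the previous day.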
3. Implement timekpr.
I then set up timekpr, assigning time to the profile names. The profiles follow the script example of lnxlib* and follow the pattern lnxlib1 - lnxlib20. I use lnxlib20 as my "base" profile.
Once this is complete I restart the machine and voilà. The same desktop appears as I set it up for each patron that signs in based off of the profile lnxlib20.
FYI: I make sure that if I need to make any changes to the base profile that I rem out the lines from the Default file so that when I go into lnxlib20 to do a little reconfiguring I don't create any issues.
I also make sure that I don't include my base profile (my case lnxlib20) to timekpr. I usually just include a dozen or so profiles in timekpr.
I am hoping that my added information will inspire someone to give me the needed information to get Dansguardian to function in this environment because right now the logins can surf any site at leisure and I really want Ubuntu to be the coolest thing we have done for our library system this year. I just have to prove it to my peers.
Thank you
Last edited by tgoatley; February 20th, 2010 at 03:32 AM.
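A guarded variant of the home-directory reset from the post above, as an added example that is not part of the original post. It is written in POSIX sh so it does not depend on which shell runs the Default file, and it validates the path before root deletes anything. `reset_home` and its arguments are hypothetical names, and it resets only accounts named lnxlib followed by digits, which is stricter than the post's lnxlib* match.

```shell
# Added example (not from the thread): guarded PostLogin home reset, POSIX sh.
# reset_home and its arguments are hypothetical names; /home/base and the
# lnxlib<N> account pattern are taken from the post above.
reset_home() {
    user=$1; home=$2; home_root=${3:-/home}; base=${4:-/home/base}

    # Only accounts named lnxlib<digits> are reset; everyone else is untouched.
    case $user in lnxlib*) ;; *) return 0 ;; esac
    suffix=${user#lnxlib}
    case $suffix in ''|*[!0-9]*) return 0 ;; esac

    # HOME must be exactly <home_root>/<user> and not a symlink; an empty or
    # odd value would otherwise hand rm -rf (running as root) the wrong path.
    if [ "$home" != "$home_root/$user" ] || [ -L "$home" ]; then
        echo "reset_home: refusing unexpected HOME '$home'" >&2
        return 1
    fi
    # The template must exist before anything is deleted.
    if [ ! -d "$base" ] || [ -L "$base" ]; then
        echo "reset_home: template '$base' missing" >&2
        return 1
    fi

    # Copy into a staging directory first, then swap, so a failed copy
    # never leaves the patron without a home directory.
    staging=$(mktemp -d "$home_root/.reset.XXXXXX") || return 1
    if ! cp -a "$base/." "$staging/"; then
        rm -rf -- "$staging"
        return 1
    fi
    rm -rf -- "$home"
    mv -- "$staging" "$home" || return 1

    # chown needs root and an existing account; it is skipped otherwise
    # (for example when trying the function out in a scratch directory).
    if [ "$(id -u)" -eq 0 ] && id "$user" >/dev/null 2>&1; then
        chown -R "$user:$user" "$home"
    fi
    return 0
}

# In /etc/gdm/PostLogin/Default the call would be:
#   reset_home "$LOGNAME" "$HOME"
```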
1. Have you renamed /etc/gdm/PostLogin/Default.sample to /etc/gdm/PostLogin/Default ?
2. As long as the other users do not have root access, you could lock the Firefox proxy and make sure dansguardian is enabled. All users would be filtered.
DK
Changed my setup entirely, am now using Squid Proxy Server with 2 NIC cards, made a tutorial, pls. comment on my system if needed.
PS You might be able to learn something from these videos as well:
Basic Squid Server Tutorial Part 1 of 3: http://www.youtube.com/watch?v=MMadVJNoD48
Basic Squid Server Tutorial Part 2 of 3: http://www.youtube.com/watch?v=5WJB0STcmZM
Basic Squid Server Tutorial Part 3 of 3: http://www.youtube.com/watch?v=Sizp7IH5Utg
I've got dansguardian working well with squid, except for the fact that Firefox's network settings can be temporarily changed (until ffx is restarted). I tried the following code in firefox.cfg as said on the first page of the thread:
lockPref("network.proxy.http", "127.0.0.1");
lockPref("network.proxy.http_port", 8080);
lockPref("network.proxy.type", 1);
lockPref("network.proxy.no_proxies_on", "localhost, 127.0.0.1");
But as said before, it only changes the default, and can be changed in individual sessions.
EDIT: Just for clarification, it's Firefox v3.6.10 on 10.04
Last edited by fishin4guitars; October 11th, 2010 at 06:18 AM. Reason: clarification
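One way to make the filter hold whatever the browser's proxy setting says is to enforce the path in the packet filter on the machine itself; this is an added example, not code from the thread. It assumes patron accounts share the primary group `patrons` (a hypothetical name), DansGuardian runs as the account `dansguardian` on port 8080, and Squid listens on 3128.

```shell
# Added example, not from the thread. Assumptions: patron accounts share the
# primary group "patrons" (hypothetical), DansGuardian runs as the account
# "dansguardian" and listens on 8080, Squid listens on 3128.
IPT=${IPT:-iptables}          # set IPT="echo iptables" for a dry run

enforce_filter_path() {
    dg_user=${1:-dansguardian}; squid_port=${2:-3128}; patron_group=${3:-patrons}

    # 1. Only DansGuardian may talk to Squid on loopback. A browser pointed
    #    straight at the Squid port would otherwise skip the content filter.
    $IPT -A OUTPUT -o lo -p tcp --dport "$squid_port" \
        -m owner ! --uid-owner "$dg_user" -j REJECT --reject-with tcp-reset || return 1

    # 2. Patron accounts may not open any connection that leaves the machine.
    #    Their browsers can still reach 127.0.0.1:8080 (loopback is untouched),
    #    and the proxy does the name lookups, so nothing else is needed.
    #    Squid fetches pages under its own account and is not affected.
    $IPT -A OUTPUT ! -o lo -m owner --gid-owner "$patron_group" -j REJECT || return 1
}

# Run once as root at boot, after Squid and DansGuardian are up:
#   enforce_filter_path
```

With these two rules a session that changes or clears the Firefox proxy setting gets connection errors instead of unfiltered pages.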
I've been using this HOWTO now for several years, re-doing it each time I upgrade from one version of Ubuntu to the next. However, in recent versions of Ubuntu, dansguardian and tinyproxy have not worked well together, with lots of webpages appearing as blank and various content coding errors.
I'd resolved this by pinning tinyproxy to an older version. But this time I instead used privoxy. Privoxy seems to work more reliably with dansguardian and seems (although I may be imagining it) faster.
I did the following (in addition to the steps identified on page 1):
- sudo apt-get install privoxy
- sudo gedit /etc/init.d/privoxy
-- change OWNER to be root
- sudo gedit /etc/dansguardian/dansguardian.conf
-- change proxyport to 8118
- sudo /etc/init.d/tinyproxy stop; sudo /etc/init.d/privoxy start; sudo /etc/init.d/dansguardian restart