Dansguardian package for 2.0
-
PfSense 2.0.1 install Dansguardian v.0.1.2
error code
php: /pkg_edit.php: The command '/usr/local/etc/rc.d/dansguardian stop' returned exit code '1', the output was 'dansguardian not running? (check /var/run/dansguardian.pid).'
Jan 30 22:13:19 dansguardian[38774]: Error reading custom image file.where is problem?
-
PfSense 2.0.1 install Dansguardian v.0.1.2
error code
php: /pkg_edit.php: The command '/usr/local/etc/rc.d/dansguardian stop' returned exit code '1', the output was 'dansguardian not running? (check /var/run/dansguardian.pid).'
Jan 30 22:13:19 dansguardian[38774]: Error reading custom image file.where is problem?
try to start on console:
/usr/local/etc/rc.d/dansguardian start -
Dansguardian service status is running, but system logs error message
Jan 30 22:36:57 php: /pkg_edit.php: The command '/usr/local/etc/rc.d/dansguardian stop' returned exit code '1', the output was 'dansguardian not running? (check /var/run/dansguardian.pid).'
Jan 30 22:36:57 dansguardian[50366]: Error reading custom image file.Content filter not working
-
Are you configuring client browser to use squid port or dansguardian port?
Can you paste return from:
ps ax | grep -i dansguardian -
Squid transparent proxy mode port number 3128, I add the adress to the black list of squid, it works without problem
$ ps ax | grep -i dansguardian
130 ?? I 0:00.00 /usr/local/sbin/dansguardian
366 ?? I 0:00.00 /usr/local/sbin/dansguardian
527 ?? I 0:00.00 /usr/local/sbin/dansguardian
557 ?? I 0:00.00 /usr/local/sbin/dansguardian
895 ?? I 0:00.00 /usr/local/sbin/dansguardian
1176 ?? I 0:00.00 /usr/local/sbin/dansguardian
1288 ?? I 0:00.00 /usr/local/sbin/dansguardian
1464 ?? I 0:00.00 /usr/local/sbin/dansguardian
1530 ?? I 0:00.00 /usr/local/sbin/dansguardian
48666 ?? S 0:00.00 sh -c ps ax | grep -i dansguardian
48931 ?? S 0:00.00 grep -i dansguardian
63558 ?? Is 0:00.02 /usr/local/sbin/dansguardian
63861 ?? I 0:00.01 /usr/local/sbin/dansguardian -
Squid transparent proxy mode port number 3128, I add the adress to the black list of squid, it works without problem
Your dansguardian is running.
Instead of using squid on transparent mode, config your browser to use dansguardian ip and port.
If you want o improve your transparente setup, configure WPAD/PAC on your DHCP.
-
my system configurations was working without problem on the squidquard, I unistalled squidquard and i installed dansquardian but now filter function is not working
-
my system configurations was working without problem on the squidquard, I unistalled squidquard and i installed dansquardian but now filter function is not working
Try a simple https://facebook.com with squid transparent + squidguard to see how transparent proxy is a ilusion of web filtering.
Dansguardian must stays in front of squid and a proxy configuration must exist to filter https and authenticate users.
If you really need transparent squid, you will need to setup a squid -> dansguardian -> squid.
Dansguardian does not works like squidguard, take a look on dansguardian website do understand better how it works.
-
Can you inform me with a more detailed explanation? If it is possible an explanation step by step for the settings of dans guardian will be better for me. I really appreciate your help. Thank you very much.
-
Can you inform me with a more detailed explanation? If it is possible an explanation step by step for the settings of dans guardian will be better for me. I really appreciate your help. Thank you very much.
If you understand the transparent proxy limitation, follow these links to get how automatic proxy configuration works
WPAD/PAC info
http://www.davidpashley.com/articles/automatic-proxy.htmlhttp://www.grape-info.com/doc/win2000srv/internet-gw/wpad/index.html
-
i'm going to keep my auto proxy config pointing directly to squid's port but on certain computers, manually enter the port for dansguardian.
For client ip logging from dansguard to squid, what i'm finding is there are 2 IPs, the client IP and 127.0.0.1. Going to http://checker.samair.ru/ show's this request when I have either forwardfor and/or usexforwardfor within dansguard and Disable X-Forward in squid unchecked.
squid logs only shows 127.0.0.1.. I'll have to do some more research and do some packet sniffing to verify whats going on…. Its been awhile, but i remember this work prefect when I was using 'client - hvap - squid'.. Squid reported the real client IP in its logs...
EDIT: I did a quick tcpdump and dansguard seems to sending the client IP under X-Forward-For within HTTP traffic.
-
If you change dansguardian log to squid format don't get the same result as squid log?
EDIT
If I have some time tomorrow I'll see if I can find how HAVP before squid don't affect squid log.
-
If you change dansguardian log to squid format don't get the same result as squid log?
true.. since i want to have the bulk of the clients going to squid directly and a couple going to dansguard then squid.. It would be nice to have it one log for lightsquid. No biggie right now as I think its a squid3 issue and not dansguardian…. i would downgrade to squid2 but need ipv6 for a certain setup i have..
i'll keep messing around with it but since dansguardian can out put a squid log, there is a workaround.
-
i got it to work… some how...lol
thanks again for all your help... I'm still going to mess around with the settings but squid3 is logging the client ip via dansguardian
I did add this to my squid options:
follow_x_forwarded_for allow localhost
forwarded_for deletesqstat still shows the localhost when I do real-time monitoring but the log shows the client ip.. Which in away makes sense
-
package version 0.1.3 is out
main chages:
-
cron updates for blacklist and clamav
-
template field for custom error page
-
fix some typos
still missing
- SSL men in the middle feature
-
-
looking good!
How does the users page work? i see the example you gave but not sure how to set it up for IP.. I enabled IP Address auth, then manually edit /usr/local/etc/dansguardian/lists/authplugins/ipgroups. That worked for me but would like to be able to use the GUI….
Also going to try it with freeradius2 with squid but going to see if I could use it based on IP/Subnets instead of usernames...
-
I've not used auth by ip yet.
The first step to users tab is to create a second group
for example:
set groupname to fullaccess
set Filter Group Mode to unfilteredsave config
goto users tab and add a ip to this user list and test.
EDIT
I'll need to push a patch to fill up /usr/local/etc/dansguardian/lists/authplugins/ipgroups when ipauth is selected.
Thanks again cino for the info.
-
in-case someone is looking, i found a ipv6 patch for dansguardian.. dont know if it'll work but wanted to share
http://tech.groups.yahoo.com/group/dansguardian/message/24827
patch
http://saschahlusiak.de/linux/dansguardian-ipv6.diff
-
Cino,
Do you have a freebsd8.1 vm with ports to test this patch?
-
i do not… i think i have still have pc-bsd 8.1 vm on my home server...which i've used to get some drivers for the lcdproc package.. let me see if i can install a plain-jane freebsd 8.1 on it and see what i can do... been a while messing with patches and re-compiling ports... i'll search the forum as i think there were some basic how-to's...