Installing the Dansguardian package in PFSense - One user's experience
-
Think I may have tracked down why Dans doesn't start properly on bootup (on my setup)
I get this error:
php: : The command '/usr/local/sbin/squid -k reconfigure' returned exit code '1', the output was '2012/04/25 10:17:58| WARNING: '192.168.0.0/255.255.255.0' is a subnetwork of '192.168.0.0/255.255.255.0' 2012/04/25 10:17:58| WARNING: because of this '192.168.0.0/255.255.255.0' is ignored to keep splay tree searching predictable 2012/04/25 10:17:58| WARNING: You should probably remove '192.168.0.0/255.255.255.0' from the ACL named 'localnet' squid: ERROR: No running copy'On my squid setup I have chosen to select LAN + loopback, so that the children go through the 8080 dans proxy and my machine uses 3128 (for caching purposes)
Is it possible that this is causing the error and not allowing dans to start automatically.Still starts when I go in and press start.
Or am I just completely barking up the wrong tree…. ::)
Thanks
Chris -
Just another quick note on something that needs to be done… it appears that DG log rotation is not setup. You can enable the "logrotation" script in /usr/local/share/dansguardian/scripts/. To get it working, do the following.
1. Edit /usr/local/share/dansguardian/scripts/logrotation and change
LOG_DIR=/var/log/ to
LOG_DIR=/var/log/dansguardian
2. Make the file executable
chmod +x /usr/local/share/dansguardian/scripts/logrotation
3. Add it to your list of scheduled tasks in cron so that it executes once a week. To do so, I installed the "cron" package and added an entry as follows (executes at 2:30am on Saturday):
30 2 sat root /usr/local/share/dansguardian/scripts/logrotationHope this helps...
-
Just another quick note on something that needs to be done… it appears that DG log rotation is not setup. You can enable the "logrotation" script in /usr/local/share/dansguardian/scripts/.
Thanks for these steps, I'll take a look and implement when time permits.
-
I've just pushed some fixes do improve dansguardian boot process and checks.
On my tests, dansguardian startup time during boot process reduced to 20 seconds.
Wait 15 minutes, reinstall the package, apply config and reboot.
-
Firstly - Thanks Marcello that's excellent news. Can I just clarify that where you say "apply config and reboot" do you mean manually apply the config or restore from a saved xml config ? Would that work ? (Just saves me some time if it does).
Secondly and totally unconnected here's a strange one for Netflix users.
I recently re-installed my windows system onto a new SSD and subsequently my Netflix gave a Silverlight N8152 DRM error when starting. I tried every suggested fix I could find for what is apparently a fairly common error all to no avail. The solution I found that worked for me was to disable the Dansguardian redirect rule, start Netflix, watch a moment of some content then stop Netflix and re-enable the redirect rule for DG, no more DRM N8152 Silverlight problem…..
I have no idea why, but it worked for me.
-
Firstly - Thanks Marcello that's excellent news. Can I just clarify that where you say "apply config and reboot" do you mean manually apply the config or restore from a saved xml config ? Would that work ? (Just saves me some time if it does).
Reinstall the package, go on dansguardian gui, manually apply the config. If you whant to test boot process, reboot after apply config.
-
Hello All
Many thanks to the author of the Dansguardian-Package. This is a very usefull function added to pfSense.
I found a what appears to be a bug in the handling of the Dansguardian Package configuration on pfSense 2.
Setup:
pfSense 2.0.1-release
Dansguardian Package (2.12.0.0 pkg; v.0.1.5.3)
squid Package (2.7.9 pkg v.4.3.1)The Problem:
If I set on the configuration page of Dansguardian (>Services>Dansguardian>Daemon) the Proxi-IP to 127.0.0.1 and leave the value for the Proxy-Port empty (for the default) in the config file of Dansguardian (/usr/local/etc/dansguardian/dansguardian.conf) the value 127.0.0.1 will be written for the proxy-port entry (proxyport = 127.0.0.1).My Solution:
Manually set the value of the proxyport setting in /usr/local/etc/dansguardian/dansguardian.conf
(In the pfSense-webgui for example by browsing to the config-file via >Diagnostics>Edit File).Regards
Roman -
@rs:
The Problem:
If I set on the configuration page of Dansguardian (>Services>Dansguardian>Daemon) the Proxi-IP to 127.0.0.1 and leave the value for the Proxy-Port empty (for the default) in the config file of Dansguardian (/usr/local/etc/dansguardian/dansguardian.conf) the value 127.0.0.1 will be written for the proxy-port entry (proxyport = 127.0.0.1).My Solution:
Manually set the value of the proxyport setting in /usr/local/etc/dansguardian/dansguardian.confWhy not just fill proxy port fied? ???
-
Why not just fill proxy port fied? ???
Yes, this works, and is of course a better solution. I just not have tried it until now.
-
Hi All,
Where I could find exceptioniplist on the menu. It seems I can't find it.
Regards,
Rocel -
Where I could find exceptioniplist on the menu. It seems I can't find it.
http://forum.pfsense.org/index.php/topic,42664.msg274045.html#msg274045
-
Hi, I think there is an option under in DansGuardian to set timing. Access lists->site and url
-
Hi, I think there is an option under in DansGuardian to set timing. Access lists->site and url
-
Hi and thanks to all you where of great help..
I installed DansGuardian and Squid from packages, works fine, just a few questions,- is there a need to put in a blacklist url into Dansguardian?
- I'm trying to get "phrase" to work and it doesn't seem to?
I tried to just put e.g. "<gambling>" with or without spaces front or back but with out any response? Was able to enter any gambling site there is?
And while we are at it, where are the category settings? Also when a block comes up it just says Category regular expressions? wondering.
TIA
P.S. as a newbie using pfsense, thanks to the Makers, its unreal, great work.
and thanks to the maker of the DG pkg very nice job.</gambling> -
@hf:
I tried to just put e.g. "<gambling>" with or without spaces front or back but with out any response? Was able to enter any gambling site there is?</gambling>
You have to check to get dansguardian working before going on access lists.
Check if it's listening,
Check if dansguardian is sending traffic to squid
Check if clients are using dansguardian ip/port as their proxies.
check log files to see what is passing through dansguardian.
etc, etc, etc.This package gui follow dansguardian conf files, so you need some dansguardian knowledge to get it working
@hf:
thanks to the maker of the DG pkg very nice job.
Thanks! donations are always welcome ;D
att,
Marcello Coutinho -
Thanks,
When i put into Site e.g. "google.com" it got blocked so that tells me that it listens and works, doesn't it?And i added the rule under nat so i understand that all traffic is forwarded to DG?
Now the log files I wasn't able to figure it out? I'm using strictly the GUI.
TIA -
@hf:
When i put into Site e.g. "google.com" it got blocked so that tells me that it listens and works, doesn't it?
Did you enabled the phrase Banned Lists on default group?
@hf:
And i added the rule under nat so i understand that all traffic is forwarded to DG?
Using nat to get it transparent, you can only filter http.
@hf:
Now the log files I wasn't able to figure it out? I'm using strictly the GUI.
The log will be usefull only on console tail -f /var/log/dansguardian/access.log
-
guys, i'm at a loss here… I installed the dansguardian package and then had to uninstall it, and now after a reinstall, I can't get the gui components of the package to ever finish installing... it just stops at this part:
Removing Dansguardian components... Tabs items... done. Menu items... done. Services... done. Loading package instructions... Deinstall commands... done. Removing package instructions...done. Auxiliary files... done. Package XML... done. Configuration... done. Beginning package installation for Dansguardian... Downloading package configuration file... done. Saving updated package information... done. Downloading Dansguardian and its dependencies... Checking for package installation... Loading package configuration... done. Configuring package components... Additional files... done. Loading package instructions... Custom commands... Executing custom_php_install_command()...Can someone please tell me what I should do here? I have DG working on another server but wanted to do it all on the pfsense box if i could…that way I can filter sites for my kids IPODs and stuff that doesn't have proxy settings easily available.
Appreciate your help, thanks in advance!
-
Can you check if there is any errors on console/system logs?
How old is your dansguardian install?
-
I didn't really see any errors on the logs or console…. i think it's probably about a year old installation at best. I have upgraded it whenever the upgrade was available from the main repository. I think dg is actually installing, but i'm not seeing any portions of it available for configuration in the GUI.
