Dansguardian package for 2.0

marcelloc

@rjcrowder:

Interesting… Glad it works. However, I'm slightly concerned that it may break in the future if there is not a way to explicitly control startup order... Guess I'll have to wait and see.

I'm quite sure it will not break as all my working dansguardians has squid started after.

Dansguardian does not crash or exit on the first squid test.

rjcrowder

@marcelloc:

@rjcrowder:

Interesting… Glad it works. However, I'm slightly concerned that it may break in the future if there is not a way to explicitly control startup order... Guess I'll have to wait and see.

I'm quite sure it will not break as all my working dansguardians has squid started after.

Dansguardian does not crash or exit on the first squid test.

Reinstalled physical tonight… no problem.  Thanks for all the great work on this package!

dig1234

Is there any way I could get "captive portal" style authentication with dansguardian either through the built-in pfsense captive portal or something else? Basically I'm looking for forms based authentication.

FiscoKid

The content scanner timeout should read 60 seconds on the DansGuardian config page. Instead the field changes to the icapserver settings. The error I received was that Dans Guardian could not understand the config file.

abnz

The startup problem is solved for me. Dans Guardian now starts on reboot. Thanks.

asterix

Is there a doc that explains step by step how to configure Dansguardian? I am looking to replace SquidGuard (which works fine) with Dansguardian.
I have Snort, HAVP, Squid (null config) and SquidGuard installed.

rjcrowder

@asterix:

Is there a doc that explains step by step how to configure Dansguardian? I am looking to replace SquidGuard (which works fine) with Dansguardian.
I have Snort, HAVP, Squid (null config) and SquidGuard installed.

Check out this thread http://forum.pfsense.org/index.php/topic,47856.0.html

asterix

Thank you !!!!!!

fiftyheight

hi all
I have a bug here:

in access list, when I am in URL tab, and then I click on Content tab, it goes to Extension tab

Can someone reproduced this ?

bye
Julien

marcelloc

@fiftyheight:

in access list, when I am in URL tab, and then I click on Content tab, it goes to Extension tab

Thank's for the feedback Julien

It's fixed now.
To apply this patch, just reinstall the package or apply the changes to dansguardian_url_acl.xml

https://github.com/bsdperimeter/pfsense-packages/commit/5e02cb482cd5bc25eaac17e7af33c4039390ed33

att,
Marcello Coutinho

fiftyheight

thank's Marcello for you're quick response, it's fixed after reinstalling the package

marcelloc

version 0.1.5.4 of dansguardian package is out

Changes:

• fix content xml call in dansguardian_url_acl.xml file

• Includes exceptioniplist missing field on ip tab.

att,
Marcello Coutinho

pman860507

Maybe i missed out on all of this, but how do you access the logs created by Dansguardian.  Also the funny thing is clicking reply showed up as pornographic.  :o

Thanks.

Again i surprise myself. Figured it all out.

marcelloc

@pman860507:

Maybe i missed out on all of this, but how do you access the logs created by Dansguardian.

using console/ssh, exec tail -f /var/log/dansguardian/access.log

@pman860507:

Also the funny thing is clicking reply showed up as pornographic.  :o

Just whitelist it  ;)

broncoBrad

I'm very new to proxies and running content filtering via servers, but I want to try. Can someone please tell me step-by-step (sorry for needing the newbie run down) how to set up squid + squidguard + dansguardian? (32-bit system)

From what I've read, squidguard is more customizable/configurable as far as ACLs (with respect to users, subnets, etc), but I really want content filtering instead of just URL filtering.

Thanks in advance!

marcelloc

test dansguardian + squid packages first.

Dansguardian default install creates almost 90% of default configuration, you will get a running filter with few steps:

• Install squid2, enable service on loopback port 3128)

• Install dansguardian package, enable service on port 8080

• Create a firewall rule on lan to enable access to lan address port 8080

• configure client proxy to use dansguardian ip/port

broncoBrad

Thanks for the quick response. If I have two NICs (subnets) one for the adults and one for the kids, I read with the squidguard that it's very easy to make different blacklists per subnet or user. How easy is that to do with dansguardian? Also, would I need to make a firewall rule on each NIC allowing access to LAN port 8080?

Now the really dumb questions… where do I get the dansguardian package? When you say configure client proxy is that the browser on all users computers?? I don't want to have to manually adjust settings on all computers.

Thanks again!

marcelloc

@broncoBrad:

How easy is that to do with dansguardian?

Just create groups based on ip addresses/subnets and select ip based auth

@broncoBrad:

Also, would I need to make a firewall rule on each NIC allowing access to LAN port 8080?

Yes.

@broncoBrad:

where do I get the dansguardian package?

just go on system -> packages and install it.

@broncoBrad:

When you say configure client proxy is that the browser on all users computers?? I don't want to have to manually adjust settings on all computers.

Transparent proxy can only filter http but not https.

You can configure it using proxy wpad/pac settings on dns/dhcp

elemay

@marcelloc:

Transparent proxy can only filter http but not https.

is the ssl stuff already working?

thanks

marcelloc

@elemay:

is the ssl stuff already working?

No, we are still on the same point. Dansguardian tries to intercept but client rejects it's certificate.