Dansguardian package for 2.0
-
thank's Marcello for you're quick response, it's fixed after reinstalling the package
-
version 0.1.5.4 of dansguardian package is out
Changes:
-
fix content xml call in dansguardian_url_acl.xml file
-
Includes exceptioniplist missing field on ip tab.
att,
Marcello Coutinho -
-
Maybe i missed out on all of this, but how do you access the logs created by Dansguardian. Also the funny thing is clicking reply showed up as pornographic. :o
Thanks.
Again i surprise myself. Figured it all out.
-
Maybe i missed out on all of this, but how do you access the logs created by Dansguardian.
using console/ssh, exec tail -f /var/log/dansguardian/access.log
Also the funny thing is clicking reply showed up as pornographic. :o
Just whitelist it ;)
-
I'm very new to proxies and running content filtering via servers, but I want to try. Can someone please tell me step-by-step (sorry for needing the newbie run down) how to set up squid + squidguard + dansguardian? (32-bit system)
From what I've read, squidguard is more customizable/configurable as far as ACLs (with respect to users, subnets, etc), but I really want content filtering instead of just URL filtering.
Thanks in advance!
-
test dansguardian + squid packages first.
Dansguardian default install creates almost 90% of default configuration, you will get a running filter with few steps:
-
Install squid2, enable service on loopback port 3128)
-
Install dansguardian package, enable service on port 8080
-
Create a firewall rule on lan to enable access to lan address port 8080
-
configure client proxy to use dansguardian ip/port
-
-
Thanks for the quick response. If I have two NICs (subnets) one for the adults and one for the kids, I read with the squidguard that it's very easy to make different blacklists per subnet or user. How easy is that to do with dansguardian? Also, would I need to make a firewall rule on each NIC allowing access to LAN port 8080?
Now the really dumb questions… where do I get the dansguardian package? When you say configure client proxy is that the browser on all users computers?? I don't want to have to manually adjust settings on all computers.
Thanks again!
-
How easy is that to do with dansguardian?
Just create groups based on ip addresses/subnets and select ip based auth
Also, would I need to make a firewall rule on each NIC allowing access to LAN port 8080?
Yes.
where do I get the dansguardian package?
just go on system -> packages and install it.
When you say configure client proxy is that the browser on all users computers?? I don't want to have to manually adjust settings on all computers.
Transparent proxy can only filter http but not https.
You can configure it using proxy wpad/pac settings on dns/dhcp
-
Transparent proxy can only filter http but not https.
is the ssl stuff already working?
thanks
-
is the ssl stuff already working?
No, we are still on the same point. Dansguardian tries to intercept but client rejects it's certificate.
-
i have installed Dansguardian but its not showing up in services or anywhere else apart from installed packages. i am using latest pfsense. any idea? thanks
-
-
I've had to drop this for a while (new baby and all) but I had someone asking about the SSO for dansguardian. Hopefully I'll be able to revisit it and provide a howto for everyone, though it may be a little while.
Marcelloc, did you ever get that patch from dansguardian working that would fix the bug about not being able to use multiple authplugins?
-
So couple questions… the first being that I was told in this thread to install Squid2, but I don't see Squid2 I only see Squid3 but it says it's a beta version. Is there still a Squid2 available?
Next thought, I don't understand the configuration of using the proxy. From the last response, I assume there is no firewall rule needed for using the proxy, but is there anything else in pfsense besides the loopback address at port 3128 that I would need to set up? Where is the setup for that loopback on port 3128 done?
Another thought, again sorry for the newbie questions, is the proxy automatically run on ALL NICs of pfsense because it's the interface to the WAN yes? Is there any way I can select which NICs the proxy is run on?
Last thought, with the firewall rules: Normal access on the KIDS opt interface I have a single rule that says allow any from KIDS net to any. Would that rule still exist or do I need to change that rule to only allowing on port 8080 to use dansguardian correctly? Does that question make sense?
Thanks again in advance!
-
Marcelloc, did you ever get that patch from dansguardian working that would fix the bug about not being able to use multiple authplugins?
Not yet, I've tried once without success. Next month maybe I'll have time to test it again.
-
i have installed Dansguardian but its not showing up in services or anywhere else apart from installed packages. i am using latest pfsense. any idea? thanks
Sam error here. I already reinstalled the whole package (2.12.0.0 pkg v.0.1.5.4 ) and just reinstalled the gui components from package management. Still no luck!
I have also installed Squid (2.7.9 pkg v.4.3.1 ) and Sarg (2.3.2 pkg v.0.5 )Any suggestions?
-
Tried to completely reinstall pfsense from scratch, imported my config and reinstalled 1) squid and 2) dansguardian. Both installation run without errors - but still no menu entry from dansguardian.
Anyone can help us?
-
Anybody? Any thoughts on my August 20th post?
Thanks!
-
So couple questions… the first being that I was told in this thread to install Squid2, but I don't see Squid2 I only see Squid3 but it says it's a beta version. Is there still a Squid2 available?
Squid version 2 should show on the list of packages to install. That said - either one will work.
Next thought, I don't understand the configuration of using the proxy. From the last response, I assume there is no firewall rule needed for using the proxy, but is there anything else in pfsense besides the loopback address at port 3128 that I would need to set up? Where is the setup for that loopback on port 3128 done?
I'm not sure I understand your question. You select loopback and start Squid listening on port 3128. Then you configure Dansguardian to talk to squid using the loopback (127.0.0.1). You can also configure it to start on the LAN interface and then use the IP address of your pfsense firewall
Another thought, again sorry for the newbie questions, is the proxy automatically run on ALL NICs of pfsense because it's the interface to the WAN yes? Is there any way I can select which NICs the proxy is run on?
Last thought, with the firewall rules: Normal access on the KIDS opt interface I have a single rule that says allow any from KIDS net to any. Would that rule still exist or do I need to change that rule to only allowing on port 8080 to use dansguardian correctly? Does that question make sense?
Again… not certain what you are asking. What I've done (for a non-transparent setup) is to block all internal addresses outbound. Then I configure all internal clients to use a proxy. This can be done either using an automatic Proxy PAC file or by setting it in the proxy settings of the browser. The easiest way to start testing it is to config the browser to use a proxy with IP address of your firewall and port 8080.
-
Tried to completely reinstall pfsense from scratch, imported my config and reinstalled 1) squid and 2) dansguardian. Both installation run without errors - but still no menu entry from dansguardian.
Anyone can help us?I ran into the same problem myself this morning. I resolved it by just going to my installed packages menu and clicking the button to reinstall Dansguardian. Then it showed up in my menu.
