Installing the Dansguardian package in PFSense - One user's experience

hf

Hi and thanks to all you where of great help..
I installed DansGuardian and Squid from packages, works fine, just a few questions,

1. is there a need to put in a blacklist url into Dansguardian?
2. I'm trying to get "phrase" to work and it doesn't seem to?
   I tried to just put e.g. "<gambling>" with or without spaces front or back but with out any response? Was able to enter any gambling site there is?
   And while we are at it, where are the category settings? Also when a block comes up it just says Category regular expressions? wondering.
   TIA

P.S. as a newbie using pfsense, thanks to the Makers, its unreal, great work.
and thanks to the maker of the DG pkg very nice job.</gambling>

marcelloc

@hf:

I tried to just put e.g. "<gambling>" with or without spaces front or back but with out any response? Was able to enter any gambling site there is?</gambling>

You have to check to get dansguardian working before going on access lists.

Check if it's listening,
Check if dansguardian is sending traffic to squid
Check if clients are using dansguardian ip/port as their proxies.
check log files to see what is passing through dansguardian.
etc, etc, etc.

This package gui follow dansguardian conf files, so you need some dansguardian knowledge to get it working

@hf:

thanks to the maker of the DG pkg very nice job.

Thanks! donations are always welcome ;D

att,
Marcello Coutinho

hf

Thanks,
When i put into Site e.g. "google.com" it got blocked so that tells me that it listens and works, doesn't it?

And i added the rule under nat so i understand that all traffic is forwarded to DG?

Now the log files I wasn't able to  figure it out? I'm using strictly the GUI.
TIA

marcelloc

@hf:

When i put into Site e.g. "google.com" it got blocked so that tells me that it listens and works, doesn't it?

Did you enabled the phrase Banned Lists on default group?

@hf:

And i added the rule under nat so i understand that all traffic is forwarded to DG?

Using nat to get it transparent, you can only filter http.

@hf:

Now the log files I wasn't able to  figure it out? I'm using strictly the GUI.

The log will be usefull only on console tail -f /var/log/dansguardian/access.log

emuttillo

guys, i'm at a loss here… I installed the dansguardian package and then had to uninstall it, and now after a reinstall, I can't get the gui components of the package to ever finish installing...  it just stops at this part:

Removing Dansguardian components...
Tabs items... done.
Menu items... done.
Services... done.
Loading package instructions...
Deinstall commands... done.
Removing package instructions...done.
Auxiliary files... done.
Package XML... done.
Configuration... done.
Beginning package installation for Dansguardian...
Downloading package configuration file... done.
Saving updated package information... done.
Downloading Dansguardian and its dependencies... 
Checking for package installation... Loading package configuration... done.
Configuring package components...
Additional files... done.
Loading package instructions...
Custom commands...
Executing custom_php_install_command()...

Can someone please tell me what I should do here?  I have DG working on another server but wanted to do it all on the pfsense box if i could…that way I can filter sites for my kids IPODs and stuff that doesn't have proxy settings easily available.

Appreciate your help, thanks in advance!

marcelloc

Can you check if there is any errors on console/system logs?

How old is your dansguardian install?

emuttillo

I didn't really see any errors on the logs or console….  i think it's probably about a year old installation at best.  I have upgraded it whenever the upgrade was available from the main repository.  I think dg is actually installing, but i'm not seeing any portions of it available for configuration in the GUI.

marcelloc

@emuttillo:

but i'm not seeing any portions of it available for configuration in the GUI.

If you can't see it on pfsense menu, try to remove/install the package again.

emuttillo

hi Marcello,
I've done that probably 5 times and still not showing up…it just stops at that one point and nothing happens, even if i let it sit there for an hour it never finishes apparently.

i'm tempted to blow it away tonight and reinstall pfsense2 and restore backup and try again... hate to do that if i don't have to though.

doesn't appear that it's fully installing when i run the package, it goes through some of the motions but never registers the service as available and the GUI components never show up.

marcelloc

I'm have no idea what's going on with your install, I've tested here and could uninstall/install dansguardian without errors.

I'm going to test it on other machines too.

emuttillo

ok, well, i guess i have no other choice but to fully wipe the pfsense install and start over… luckily, i don't have a very involved configuration so it shouldn't take too long, just have to deal with a wife who will not be happy for me blocking her facebook time.  lol

jai23155

Nice write up.. i have installed Dansguardian and configured it as you said. but after finishing 1st step, when i test it I cannot browse anything at all, no good site, no bad site, no pfsense either. any idea what i am doing wrong.

OK.. managed to setup DG successfully. Now, how do i check the reports based on AD username??

marcelloc

@jai23155:

OK.. managed to setup DG successfully. Now, how do i check the reports based on AD username??

with a tail -f on /var/log/dansguardian/access.log or with sarg package.  :)

viko

Hi all

Marcello thx for the DG packages, using this topic i have it running almost perfekt.

The problems that i have are that sarg its showing only the logs for 2 days (13 and 21 August) and only with the ip adress from my pfsense install.
In "realtime" i have the hosts names visible. With lightsquid i have couple days more, but same only with pfsense ip adress. Squid is running transparent.

The second problem is: i have 2 samsung TVs and i stream internet radio with this (vtuner App). I placed the 2 TV IPs in Exception and now one its working, the second cannot connect to the stream servers. In the log file its showing "miss" and not "denied".

Thx
Viko

marcelloc

@viko:

Marcello thx for the DG packages, using this topic i have it running almost perfekt.

Thanks. donations are always welcome too  ;D

@viko:

The problems that i have are that sarg its showing only the logs for 2 days (13 and 21 August) and only with the ip adress from my pfsense install.
In "realtime" i have the hosts names visible. With lightsquid i have couple days more, but same only with pfsense ip adress. Squid is running transparent.

are you using two squid?

squid(transparente) -> dansguardian -> squid?

did you tried dansguardian(transparent with nat rules) -> squid.

did you tried to run sarg on console to see what errors you get?

@viko:

The second problem is: i have 2 samsung TVs and i stream internet radio with this (vtuner App). I placed the 2 TV IPs in Exception and now one its working, the second cannot connect to the stream servers. In the log file its showing "miss" and not "denied".

the miss on logs means "access allowed but not in cache".

viko

Hi Marcello

Donation its already done. Thx for your help.

I have Squid (Transparent) - Dansguardian - NAT Rule. After a reboot everything is OK now.

Viko

marcelloc

@viko:

Donation its already done.

Thanks for supporting this package  ;D

Munis

Thank a lot guys! this is what i am looking for!

baud

Hello,

Good day! Just a quick questions you gents, I'm currently running pfsense:

2.0.1-RELEASE (amd64)
built on Mon Dec 12 18:16:13 EST 2011
FreeBSD 8.1-RELEASE-p6

and I have created a separate computer/box/server that handles Dansguardian+Squid.  On my pfsense firewall, I have installed the squid package (2.7.9 pkg v.4.3.2) then I enable transparent proxy option on that one, and added this line on the custom configuration part:

cache_peer 192.168.127.222 parent 3128 0 no-query no-digest

then I added the squid/dansguardian ip to  the bypass proxy originating from this ip line.  I have also used "null" for the hardisk cache system so that i won't be caching the same thing twice.  Everything is working with this setup so far, the only problem I am having is that on the dansguardian/squid box, that is logged is the ip of the pfsense box and not the ips of the computers used by our users.  I do understand why this is so, but I can't seem to figure out how to have the original ips passed to the squid/dansguardian box… any ideas? Thanks!

marcelloc

@baud:

I do understand why this is so, but I can't seem to figure out how to have the original ips passed to the squid/dansguardian box… any ideas? Thanks!

It will always log server ip as it is proxing connections.

To have real ip on you box, you need a rule o lan using dansguardian box ip address as gateway to forward requests to it.