Installing the Dansguardian package in PFSense - One user's experience
-
Works great for me too. Using it with 300+ users and fiber. Thanks to Marcelloc and to all that contribute. Awesome job.
-
I was able to get it reasonably configured and it seems to work for most everything I want but I have a persistent problem with Google. I am unable to filter google's search results to be safe only. It seems they changed all their search to https only and it is preventing me from enforcing safe mode (Searches for naughty words still show thumbnails of naughty content even though none of it is clickable.) In my search I have found multiple modify statements none of which work. Has anyone been able to find a way to enforce safe search or prevent searches of certain keywords from being successful?
The best I've been able to manage is that http://216.239.32.20/ is the google search IP address and searches on it are properly caught by dansguardin(and properly safe search enforced); however any regular browser bar search or putting google.com into the address bar brings me back to my original problem of being unable to modify the ssl and search queries.Thanks for any help.
-
You can enter DNS overrides in the DNS settings to force resolution of google.com to nosslsearch.google.com (216.239.32.20).
-
Hello
I'm new to pfSense and although I have managed to put into operation
pfSense 2.1-RELEASE (i386)
built on Wed Sep 11 18:16:50 EDT 2013
FreeBSD 8.3-RELEASE-p11with squid3 2.0.6 pkg v3.1.20
on this box
CPU Type Intel (R) Core (TM) 2 Duo CPU E7500@2.93GHz
2 CPUs: 1 package (s) x 2 core (s)
2GB Memory
100GB HDwith up to 100 users for two weeks without problems
I would like to advise me if it is possible to have Dansguardian v2.12.0.3 pkg v.0.1.8 with this setup and maintain a fully functional squid3 cache
Thanks for your advice on this regards.
-
I've followed this guide but can't for the life of me get traffic to flow. The dansguardian and squid logs show zero activity so something pretty fundamental is wrong.
My first pfsense box 192.168.10.1 runs openvpn, suricata and firewall.
I've got a second pfsense box 192.168.10.2 running dansguardian and squid only which was intended to replace an untangle setup.
The only difference I can see from this guide is I'm using a bridged connection to group my onboard wan, lan*3 ports plus my quad i350 and dual x520 with the first box. To reduce complexity I've reduced this down to a sole wan & lan bridged connection but no joy. Everything worked correctly prior to introducing dansguardian and squid so the bridge setup is sound.
Is the bridge setup likely to cause problems? -
Hi all,
I would like to add Dansguardian to my squid3-dev squidgarden for Transparent Proxy with ssl filtering.
squidgarde is working and filtering (just need to workout how to allow update services like windows update and adobe creative cloud, if anyone had any advice on this I would be much appreciated) UPDATE solved windows updates https://forum.pfsense.org/index.php?topic=73640.45The problem is that Dansguardian does not want to filter anything (http or https, i turned off squidgarden to test this).
I have tried creating a NAT rule for Dansguardian and put it on the TOP of the list
LAN TCP * * LAN net 80 (HTTP) 192.168.1.1 8080 dansDansguardian setup
Listen interface: LAN
port: 8080
Proxy IP: 192.168.1.1
Proxy Port: 3128
SSL man in the middle Filtering using my certificateSquid setup
http Proxy interface lan
http Proxy port 3128
Transparent Proxy interface lan
Bypass proxy for these destination IPs 192.168.1.1
SSL Intercept interface(s) lan
SSL Proxy port blankAnyone have any suggestions?
-
Howdy, I am trying to set up Dansguardian.
I hav a pfsense box with 1.8ghz amd 754 sempron, 2gigs memory, 32gb ssd.
2.1.5 is installed.I have configured already to used opendns.
It works but I don't know if it could negatively affect another installed package.
I decided to try following your notes to install/configure Dansguardian.
WAN interface pointing at the ISP and
a LAN interface with the IP address 192.168.1.1.Installed Dansguardian.
Setup
Go to: Services>Dansguardian
Click on Enable Dansguardian
Listen interface - LAN
Listen Port - 8080 typed in
Proxy IP - 192.168.1.1 (My PFSense box)
Proxy Port - 3128 typed in
Saved that.DG is running Status>Services - checked.
I did not understand the following paragraph:
At this point I found there was nothing listening on port 3128 (sockstat -4l) which I didn't expect because I thought the package installed Squid so either I missed something or I was just wrong, either way, I decided I'd install squid from the package.
What test/command did you run to"find nothing listening"?
Installed Squid
System>Packages>Available Packages and select Squid
After squid installed I did not find a configuration page like I did for Dansguardian
under ServicesSquid configuration (optional)
Visible host name - "your host name"save
so I just saved.
Go back to Services>Dansguardian and click save in order to recycle DG
clicked save to recycle dansGuardian.Changed settings in Firefox
Firefox proceed as follows:Tools>Options
Network Tab>Settings>Manual Proxy configurationHTTP Proxy - 10.0.2.1 (IP of your dansguardian/PFsense machine)
Port - 8080Tick - Use this proxy for all protocols.
Now try to access both a good site and a bad site:
Can't access a good or bad site - so far
google.com - Good
tits.com - Bad (or any other bad site)Where have I gone wrong?
-
nice howto!! just tried out with pfs-2.0.2 on alix2d3, works fine as transparent or no transparent mode!!
this version of DG works:
http://files.pfsense.org/packages/8/All/dansguardian-2.12.0.2.tbz
http://files.pfsense.org/packages/8/All/dansguardian-2.12.0.0_2-i386.pbiBut what about DG within last stable (2.2.2) and brandnew (nightly build from today)? It crashes always (even on first start) with illegal instruction (dansguardian. Illegal instruction (core dumped)) :(
this version of DG (used in last stable 2.2.2) crashes:
http://files.pfsense.org/packages/8/All/dansguardian-2.12.0.3_2-i386.pbiIs there a way or a trick to get it working properly?
As fallback, i could stay at 2.0.2…but i would like to use the last release
-
nice howto!! just tried out with pfs-2.0.2 on alix2d3, works fine as transparent or no transparent mode!!
this version of DG works:
http://files.pfsense.org/packages/8/All/dansguardian-2.12.0.2.tbz
http://files.pfsense.org/packages/8/All/dansguardian-2.12.0.0_2-i386.pbiBut what about DG within last stable (2.2.2) and brandnew (nightly build from today)? It crashes always (even on first start) with illegal instruction (dansguardian. Illegal instruction (core dumped)) :(
this version of DG (used in last stable 2.2.2) crashes:
http://files.pfsense.org/packages/8/All/dansguardian-2.12.0.3_2-i386.pbiIs there a way or a trick to get it working properly?
As fallback, i could stay at 2.0.2…but i would like to use the last release
sorry, my bad…
on 2.0.2 is also http://files.pfsense.org/packages/8/All/dansguardian-2.12.0.3_2-i386.pbi installed and works fine
on 2.2.2 http://files.pfsense.org/packages/8/All/dansguardian-2.12.0.3_2-i386.pbi crashesAny ideas?
-
nice howto!! just tried out with pfs-2.0.2 on alix2d3, works fine as transparent or no transparent mode!!
this version of DG works:
http://files.pfsense.org/packages/8/All/dansguardian-2.12.0.2.tbz
http://files.pfsense.org/packages/8/All/dansguardian-2.12.0.0_2-i386.pbiBut what about DG within last stable (2.2.2) and brandnew (nightly build from today)? It crashes always (even on first start) with illegal instruction (dansguardian. Illegal instruction (core dumped)) :(
this version of DG (used in last stable 2.2.2) crashes:
http://files.pfsense.org/packages/8/All/dansguardian-2.12.0.3_2-i386.pbiIs there a way or a trick to get it working properly?
As fallback, i could stay at 2.0.2…but i would like to use the last release
sorry, my bad…
on 2.0.2 is also http://files.pfsense.org/packages/8/All/dansguardian-2.12.0.3_2-i386.pbi installed and works fine
on 2.2.2 http://files.pfsense.org/packages/8/All/dansguardian-2.12.0.3_2-i386.pbi crashesAny ideas?
some news:
…seems to be a i386-problem. Just tried on apu1 with amd64-arch, dansguardian seems to work on last stable 2.2.2 version -
But what about DG within last stable (2.2.2) and brandnew (nightly build from today)? It crashes always (even on first start) with illegal instruction (dansguardian. Illegal instruction (core dumped)) :(
this version of DG (used in last stable 2.2.2) crashes:
http://files.pfsense.org/packages/8/All/dansguardian-2.12.0.3_2-i386.pbiSame here. I just:
-
Upgraded to pfSense 2.2.2-RELEASE
-
Installed squid 2.7.9 pkg v.4.3.6
-
Installed DansGuardian 2.12.0.3_2 pkg v.0.1.12
DG crashes straight away. :'(
-
-
Looks like Dansguardian isn't supported anymore with the latest PFSense build. A new Package E2Guardian (an updated fork of Dansguardian) is in the works. Check out https://forum.pfsense.org/index.php?topic=87526.0
-
There is a tick box in the squid configuration page that is marked "Transparent Proxy" and promises to redirect everything automagically for you, it doesn't work for a DG set up in my experience.
The Transparent Proxy box does work …. the issue is that it sends it to squid not DG .... so it bypasses DG but squid proxy is set up that easy