Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Installing the Dansguardian package in PFSense - One user's experience

    Scheduled Pinned Locked Moved Documentation
    86 Posts 27 Posters 158.9k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • H
      Hugovsky
      last edited by

      Works great for me too. Using it with 300+ users and fiber. Thanks to Marcelloc and to all that contribute. Awesome job.

      1 Reply Last reply Reply Quote 0
      • N
        NemesisXIII
        last edited by

        I was able to get it reasonably configured and it seems to work for most everything I want but I have a persistent problem with Google.  I am unable to filter google's search results to be safe only.  It seems they changed all their search to https only and it is preventing me from enforcing safe mode (Searches for naughty words still show thumbnails of naughty content even though none of it is clickable.)  In my search I have found multiple modify statements none of which work.  Has anyone been able to find a way to enforce safe search or prevent searches of certain keywords from being successful?
        The best I've been able to manage is that http://216.239.32.20/ is the google search IP address and searches on it are properly caught by dansguardin(and properly safe search enforced); however any regular browser bar search or putting google.com into the address bar brings me back to my original problem of being unable to modify the ssl and search queries.

        Thanks for any help.

        1 Reply Last reply Reply Quote 0
        • R
          rjcrowder
          last edited by

          You can enter DNS overrides in the DNS settings to force resolution of google.com to nosslsearch.google.com (216.239.32.20).

          1 Reply Last reply Reply Quote 0
          • R
            Ricardozam
            last edited by

            Hello

            I'm new to pfSense and although I have managed to put into operation

            pfSense 2.1-RELEASE (i386)
            built on Wed Sep 11 18:16:50 EDT 2013
            FreeBSD 8.3-RELEASE-p11

            with squid3 2.0.6 pkg v3.1.20

            on this box
            CPU Type Intel (R) Core (TM) 2 Duo CPU E7500@2.93GHz
            2 CPUs: 1 package (s) x 2 core (s)
            2GB Memory
            100GB HD

            with up to 100 users for two weeks without problems

            I would like to advise me if it is possible to have Dansguardian v2.12.0.3 pkg v.0.1.8 with this setup and maintain a fully functional squid3 cache

            Thanks for your advice on this regards.

            1 Reply Last reply Reply Quote 0
            • Q
              q54e3w
              last edited by

              I've followed this guide but can't for the life of me get traffic to flow. The dansguardian and squid logs show zero activity so something pretty fundamental is wrong.
              My first pfsense box 192.168.10.1 runs openvpn, suricata and firewall.
              I've got a second pfsense box 192.168.10.2 running dansguardian and squid only which was intended to replace an untangle setup.
              The only difference I can see from this guide is I'm using a bridged connection to group my onboard wan, lan*3 ports plus my quad i350 and dual x520 with the first box. To reduce complexity I've reduced this down to a sole wan & lan bridged connection but no joy. Everything worked correctly prior to introducing dansguardian and squid so the bridge setup is sound.
              Is the bridge setup likely to cause problems?

              1 Reply Last reply Reply Quote 0
              • A
                aGeekhere
                last edited by

                Hi all,

                I would like to add Dansguardian to my squid3-dev squidgarden for Transparent Proxy with ssl filtering.
                squidgarde is working and filtering (just need to workout how to allow update services like windows update and adobe creative cloud, if anyone had any advice on this I would be much appreciated) UPDATE solved windows updates https://forum.pfsense.org/index.php?topic=73640.45

                The problem is that Dansguardian does not want to filter anything (http or https, i turned off squidgarden  to test this).

                I have tried creating  a NAT rule for Dansguardian  and put it on the TOP of the list
                LAN TCP * * LAN net 80 (HTTP) 192.168.1.1 8080 dans

                Dansguardian setup
                Listen interface: LAN
                port: 8080
                Proxy IP: 192.168.1.1
                Proxy Port: 3128
                SSL man in the middle Filtering using my certificate

                Squid setup
                http Proxy interface lan
                http Proxy port 3128
                Transparent Proxy interface lan
                Bypass proxy for these destination IPs 192.168.1.1
                SSL Intercept interface(s) lan
                SSL Proxy port blank

                Anyone have any suggestions?

                Never Fear, A Geek is Here!

                1 Reply Last reply Reply Quote 0
                • J
                  jazzisjazz
                  last edited by

                  Howdy, I am trying to set up Dansguardian.

                  I hav a pfsense box with 1.8ghz amd 754 sempron, 2gigs memory, 32gb ssd.
                  2.1.5 is installed.

                  I have configured already to used opendns.

                  It works but I don't know if it could negatively affect another installed package.

                  I decided to try following your notes to install/configure Dansguardian.

                  WAN interface pointing at the ISP and
                  a LAN interface with the IP address 192.168.1.1.

                  Installed Dansguardian.

                  Setup
                  Go to: Services>Dansguardian
                  Click on Enable Dansguardian
                  Listen interface - LAN
                  Listen Port - 8080 typed in
                  Proxy IP - 192.168.1.1 (My PFSense box)
                  Proxy Port - 3128 typed in
                  Saved that.

                  DG is running Status>Services - checked.

                  I did not understand the following paragraph:

                  At this point I found there was nothing listening on port 3128 (sockstat -4l) which I didn't expect because I thought the package installed Squid so either I missed something or I was just wrong, either way, I decided I'd install squid from the package.

                  What test/command did you run to"find nothing listening"?

                  Installed Squid

                  System>Packages>Available Packages and select Squid
                  After squid installed I did not find a configuration page like I did for Dansguardian
                  under Services

                  Squid configuration (optional)
                  Visible host name - "your host name"

                  save

                  so I just saved.

                  Go back to Services>Dansguardian and click save in order to recycle DG
                  clicked save to recycle dansGuardian.

                  Changed settings in Firefox
                  Firefox proceed as follows:

                  Tools>Options
                  Network Tab>Settings>Manual Proxy configuration

                  HTTP Proxy - 10.0.2.1 (IP of your dansguardian/PFsense machine)
                  Port - 8080

                  Tick - Use this proxy for all protocols.

                  Now try to access both a good site and a bad site:

                  Can't access a good or bad site - so far

                  google.com - Good
                  tits.com - Bad (or any other bad site)

                  Where have I gone wrong?

                  1 Reply Last reply Reply Quote 0
                  • F
                    forca
                    last edited by

                    nice howto!! just tried out with pfs-2.0.2 on alix2d3, works fine as transparent or no transparent mode!!
                    this version of DG works:
                    http://files.pfsense.org/packages/8/All/dansguardian-2.12.0.2.tbz
                    http://files.pfsense.org/packages/8/All/dansguardian-2.12.0.0_2-i386.pbi

                    But what about DG within last stable (2.2.2) and brandnew (nightly build from today)? It crashes always (even on first start) with illegal instruction (dansguardian. Illegal instruction (core dumped)) :(
                    this version of DG (used in last stable 2.2.2) crashes:
                    http://files.pfsense.org/packages/8/All/dansguardian-2.12.0.3_2-i386.pbi

                    Is there a way or a trick to get it working properly?

                    As fallback, i could stay at 2.0.2…but i would like to use the last release

                    1 Reply Last reply Reply Quote 0
                    • F
                      forca
                      last edited by

                      @forca:

                      nice howto!! just tried out with pfs-2.0.2 on alix2d3, works fine as transparent or no transparent mode!!
                      this version of DG works:
                      http://files.pfsense.org/packages/8/All/dansguardian-2.12.0.2.tbz
                      http://files.pfsense.org/packages/8/All/dansguardian-2.12.0.0_2-i386.pbi

                      But what about DG within last stable (2.2.2) and brandnew (nightly build from today)? It crashes always (even on first start) with illegal instruction (dansguardian. Illegal instruction (core dumped)) :(
                      this version of DG (used in last stable 2.2.2) crashes:
                      http://files.pfsense.org/packages/8/All/dansguardian-2.12.0.3_2-i386.pbi

                      Is there a way or a trick to get it working properly?

                      As fallback, i could stay at 2.0.2…but i would like to use the last release

                      sorry, my bad…
                      on 2.0.2 is also http://files.pfsense.org/packages/8/All/dansguardian-2.12.0.3_2-i386.pbi installed and works fine
                      on 2.2.2 http://files.pfsense.org/packages/8/All/dansguardian-2.12.0.3_2-i386.pbi crashes

                      Any ideas?

                      1 Reply Last reply Reply Quote 0
                      • F
                        forca
                        last edited by

                        @forca:

                        @forca:

                        nice howto!! just tried out with pfs-2.0.2 on alix2d3, works fine as transparent or no transparent mode!!
                        this version of DG works:
                        http://files.pfsense.org/packages/8/All/dansguardian-2.12.0.2.tbz
                        http://files.pfsense.org/packages/8/All/dansguardian-2.12.0.0_2-i386.pbi

                        But what about DG within last stable (2.2.2) and brandnew (nightly build from today)? It crashes always (even on first start) with illegal instruction (dansguardian. Illegal instruction (core dumped)) :(
                        this version of DG (used in last stable 2.2.2) crashes:
                        http://files.pfsense.org/packages/8/All/dansguardian-2.12.0.3_2-i386.pbi

                        Is there a way or a trick to get it working properly?

                        As fallback, i could stay at 2.0.2…but i would like to use the last release

                        sorry, my bad…
                        on 2.0.2 is also http://files.pfsense.org/packages/8/All/dansguardian-2.12.0.3_2-i386.pbi installed and works fine
                        on 2.2.2 http://files.pfsense.org/packages/8/All/dansguardian-2.12.0.3_2-i386.pbi crashes

                        Any ideas?

                        some news:
                        …seems to be a i386-problem. Just tried on apu1 with amd64-arch, dansguardian seems to work on last stable 2.2.2 version

                        1 Reply Last reply Reply Quote 0
                        • S
                          simonbrads
                          last edited by

                          @forca:

                          But what about DG within last stable (2.2.2) and brandnew (nightly build from today)? It crashes always (even on first start) with illegal instruction (dansguardian. Illegal instruction (core dumped)) :(
                          this version of DG (used in last stable 2.2.2) crashes:
                          http://files.pfsense.org/packages/8/All/dansguardian-2.12.0.3_2-i386.pbi

                          Same here. I just:

                          • Upgraded to pfSense 2.2.2-RELEASE

                          • Installed squid 2.7.9 pkg v.4.3.6

                          • Installed DansGuardian 2.12.0.3_2 pkg v.0.1.12

                          DG crashes straight away. :'(

                          1 Reply Last reply Reply Quote 0
                          • M
                            Mobile_Bob
                            last edited by

                            Looks like Dansguardian isn't supported anymore with the latest PFSense build.  A new Package E2Guardian (an updated fork of Dansguardian) is in the works.  Check out https://forum.pfsense.org/index.php?topic=87526.0

                            1 Reply Last reply Reply Quote 0
                            • A
                              aditaa
                              last edited by

                              @Chewy:

                              There is a tick box in the squid configuration page that is marked "Transparent Proxy" and promises to redirect everything automagically for you, it doesn't work for a DG set up in my experience.

                              The Transparent Proxy box does work …. the issue is that it sends it to squid not DG .... so it bypasses DG but squid proxy is set up that easy

                              1 Reply Last reply Reply Quote 0
                              • First post
                                Last post
                              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.