Unofficial E2guardian package for pfSense
-
Need to figure out an easy/clean way to convert my old Dansguardian config to E2guardian (within the config.xml)
Easy as renaming it on xml(except for some config change from dansguardian to e2guardian) but I can help with a php script if you want.
I ran into some errors over the weekend when I tried it. I need to take another look and try again. I did rename everything from that had danguardian using find/replace. This time, I'll just focus on the ACL, Groups, IPs sections of the XML.
Thank you for the offer, I think Im good for now unless there is a need for it by the community
-
So, it appears to be working if I set a computer to proxy at port 8080 but not when passed to Squid transparently. From your previous response I see the IP and port should be defined on the Daemon tab but that appears to already be set properly by default and the config file shows proxyip=127.0.0.1 and proxyport=3128. On the General tab I've tried several options and combinations for Auth Plugins but it doesn't seem to be filtering through Squid.
Squid is running on port 3128 with all boxes in advanced being empty. Would it matter that I still have Squidguard installed but disabled?
-
[quote] .patch --check --forward --ignore-whitespace Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |--- pkg_edit.orig.php 2017-04-05 16:25:04.960401000 +0000 |+++ pkg_edit.php 2017-04-03 22:56:33.184313000 +0000 -------------------------- Patching file pkg_edit.php using Plan A... Hunk #1 failed at 651. 1 out of 1 hunks failed while patching pkg_edit.php done [/quote] What pfSense version are you using? I'm on 2.3.3 2.3.3-RELEASE-p1 (amd64) built on Thu Mar 09 07:17:41 CST 2017 FreeBSD 10.3-RELEASE-p17 It doesn't bother me all that much. I can make the change manually. It was more for your benefit so that you could get it fixed for future installs. -
It doesn't bother me all that much. I can make the change manually. It was more for your benefit so that you could get it fixed for future installs.
Sure. I'll test all install process(including blacklist) on a 2.3.3_p1 version too.
-
Hmmm. That's what I did. I get the alert of "E2guardian - Blacklist update process started" but never one that it completes. How can I see what's going on?
/usr/local/www/e2guardian.php fetch_blacklistThis is the script that fetches and apply the blacklist.
-
Awesome, thanks! Now that it seems to be working, any advice on getting it to work with Squid transparently?
-
Awesome, thanks! Now that it seems to be working, any advice on getting it to work with Squid transparently?
Dansguardian as two work modes.
The sandwich mode, where there is a squid -> e2guardian -> tinyproxy or any other cache
Or the starndard mode where it stays in front of squid or any other cache and try to forward client authentication requests
What mode are you using?
E2guardian transparent mode while in front of squid is setup manually, creating a nat rule pointing to its listening port.
-
I've moved the download and apply blacklist options from combo values to buttons on xml
-
It might be just my setup but there isn't any defaults for the 4 options under Anti-Virus. The boxes have no text. Also, under Search Engine there are no options only an Add/Save button. Click on Add, no options; only save. I downloaded the latest xml files this morning.
running on
2.3.4-DEVELOPMENT (amd64)
built on Tue Apr 04 16:31:17 CDT 2017
FreeBSD 10.3-RELEASE-p17 -
I'll test it today.
I'm also including the ssl group options introduced on e2guardian since 3.1 version
-
Awesome, thanks! Now that it seems to be working, any advice on getting it to work with Squid transparently?
Dansguardian as two work modes.
The sandwich mode, where there is a squid -> e2guardian -> tinyproxy or any other cache
Or the starndard mode where it stays in front of squid or any other cache and try to forward client authentication requests
What mode are you using?
E2guardian transparent mode while in front of squid is setup manually, creating a nat rule pointing to its listening port.
It would be transparent. SquidGuard doesn't need any NAT rules and just integrates with Squid. Does e2Guardian not behave the same way? I want it transparent with Squid so do I need a NAT rule that points LAN 80 to LAN 8080 and then e2G will automatically forward to Squid?
-
E2guardian is a daemon, not a squid helper. You need to configure ip, port , forward rules as a normal proxy daemon.
-
Ah, it's completely independent of Squid, then. Where does it sit in-line? I'll check the manuals tomorrow but does it sit between Squid and the user or between Squid and the WAN? I'm sure the forwards needed are in the documentation so I'll see if I can find the ports needed in the morning. Thanks for all your help!
-
Ah, it's completely independent of Squid, then. Where does it sit in-line? I'll check the manuals tomorrow but does it sit between Squid and the user or between Squid and the WAN? I'm sure the forwards needed are in the documentation so I'll see if I can find the ports needed in the morning. Thanks for all your help!
E2guardian replaces squidguard and in some cases can do all squid job too but it needs a cache peer to fetch urls.
The idea of this package is to have a full-feature replacement for squidguard and depending on you user authentication needs, dansguardian package itsel will do the job as it include tynyproxy for url fetch.
-
I've updated the binaries and GUI to include dnsauth and icap antivirus integration. The idea is to call clamv exactly the same way squid does to avoid package conflict.
-
Latest TODO as far as I can see
-
add gui group ssl options introduced since E2guardian 3.1
-
fix search acl tab and configuration
-
increase tiny proxy config values to March E2guardian start process configuration
-
Configure clamav icap
-
-
A method of configuring it to listen on a CARP address via the GUI would be great too - Squid you can do this from the 'Advanced Features - Custom Options'… or is this not possible with e2g, looks like multi interface listen causes problems at the moment?
-
It looks like multi interface listen causes problems at the moment?
Not anymore. I've hard coded a config option util multi auth psr port is better implemented on gui.
-
How do we update? Rerun the script? That's what I've done and I've got some changes.
-
How do we update? Rerun the script? That's what I've done and I've got some changes.
Yes, rerun. Few days ago I've updated the e2guardian binaries to include icap and dnsauth.
