Dansguardian package for 2.0
-
Can you inform me with a more detailed explanation? If it is possible an explanation step by step for the settings of dans guardian will be better for me. I really appreciate your help. Thank you very much.
If you understand the transparent proxy limitation, follow these links to get how automatic proxy configuration works
WPAD/PAC info
http://www.davidpashley.com/articles/automatic-proxy.htmlhttp://www.grape-info.com/doc/win2000srv/internet-gw/wpad/index.html
-
i'm going to keep my auto proxy config pointing directly to squid's port but on certain computers, manually enter the port for dansguardian.
For client ip logging from dansguard to squid, what i'm finding is there are 2 IPs, the client IP and 127.0.0.1. Going to http://checker.samair.ru/ show's this request when I have either forwardfor and/or usexforwardfor within dansguard and Disable X-Forward in squid unchecked.
squid logs only shows 127.0.0.1.. I'll have to do some more research and do some packet sniffing to verify whats going on…. Its been awhile, but i remember this work prefect when I was using 'client - hvap - squid'.. Squid reported the real client IP in its logs...
EDIT: I did a quick tcpdump and dansguard seems to sending the client IP under X-Forward-For within HTTP traffic.
-
If you change dansguardian log to squid format don't get the same result as squid log?
EDIT
If I have some time tomorrow I'll see if I can find how HAVP before squid don't affect squid log.
-
If you change dansguardian log to squid format don't get the same result as squid log?
true.. since i want to have the bulk of the clients going to squid directly and a couple going to dansguard then squid.. It would be nice to have it one log for lightsquid. No biggie right now as I think its a squid3 issue and not dansguardian…. i would downgrade to squid2 but need ipv6 for a certain setup i have..
i'll keep messing around with it but since dansguardian can out put a squid log, there is a workaround.
-
i got it to work… some how...lol
thanks again for all your help... I'm still going to mess around with the settings but squid3 is logging the client ip via dansguardian
I did add this to my squid options:
follow_x_forwarded_for allow localhost
forwarded_for deletesqstat still shows the localhost when I do real-time monitoring but the log shows the client ip.. Which in away makes sense
-
package version 0.1.3 is out
main chages:
-
cron updates for blacklist and clamav
-
template field for custom error page
-
fix some typos
still missing
- SSL men in the middle feature
-
-
looking good!
How does the users page work? i see the example you gave but not sure how to set it up for IP.. I enabled IP Address auth, then manually edit /usr/local/etc/dansguardian/lists/authplugins/ipgroups. That worked for me but would like to be able to use the GUI….
Also going to try it with freeradius2 with squid but going to see if I could use it based on IP/Subnets instead of usernames...
-
I've not used auth by ip yet.
The first step to users tab is to create a second group
for example:
set groupname to fullaccess
set Filter Group Mode to unfilteredsave config
goto users tab and add a ip to this user list and test.
EDIT
I'll need to push a patch to fill up /usr/local/etc/dansguardian/lists/authplugins/ipgroups when ipauth is selected.
Thanks again cino for the info.
-
in-case someone is looking, i found a ipv6 patch for dansguardian.. dont know if it'll work but wanted to share
http://tech.groups.yahoo.com/group/dansguardian/message/24827
patch
http://saschahlusiak.de/linux/dansguardian-ipv6.diff
-
Cino,
Do you have a freebsd8.1 vm with ports to test this patch?
-
i do not… i think i have still have pc-bsd 8.1 vm on my home server...which i've used to get some drivers for the lcdproc package.. let me see if i can install a plain-jane freebsd 8.1 on it and see what i can do... been a while messing with patches and re-compiling ports... i'll search the forum as i think there were some basic how-to's...
-
I can help you
After freebsd install,
-
portsnap fetch
-
portsnap extract
Dansguardian port is in /usr/ports/www/dansguardian-devel
-
-
thanks again! just so i'm on the same page, what were the options you selected when you ran the make command? i see there are a few options then more options depending of the depen its going to install.
-
thanks again! just so i'm on the same page, what were the options you selected when you ran the make command? i see there are a few options then more options depending of the depen its going to install.
That's my make config screen.
-
looks like the patch is for danguardian 2.10.1.1 :-( Going to try it out tho and see if it works.
I dont know if my steps are correct, but after running the commands you provided. I downloaded dansguardian src to /usr/ports/distfiles then ran cmd make. After that command finished, I change to the src dir and ran the patch command. make configure, and now i'm in the process of running make install. I'm thinking i should had untar the src in the /usr/ports/distfiles then ran the make command. Does it matter?
Once make install is down. How to do I turn it into a package?
btw, i've attached the missing blockedflash.swf file… not needed but the error in the log goes away. should be placed here /usr/local/share/dansguardian
thanks again for all your help
-
looks like the patch is for danguardian 2.10.1.1 :-( Going to try it out tho and see if it works.
I dont know if my steps are correct, but after running the commands you provided. I downloaded dansguardian src to /usr/ports/distfiles then ran cmd make. After that command finished, I change to the src dir and ran the patch command. make configure, and now i'm in the process of running make install. I'm thinking i should had untar the src in the /usr/ports/distfiles then ran the make command. Does it matter?
source is extracted to /usr/ports/www/dansguardian-devel/work/dansguardian-2.12.0.0
try to apply the patch there.Once make install is down. How to do I turn it into a package?
instead of make install, do a make package. the dansguardian.tbz will be created on current dir.
btw, i've attached the missing blockedflash.swf file… not needed but the error in the log goes away. should be placed here /usr/local/share/dansguardian
Thanks, included in package install
-
thanks again… Looks like the patch doesn't work.. Its for 2.10.1.1 so I worked with that version just to see if it works but system is having problems binding to the IP.. I'll wait for it to be officially supported by dansguardian. You would think it would be supported by now. I know of a lot of companies including the one I work for that uses it.
I removed it from my box and went back to 2.12.0.0_1. It was a good learning experience tho :-)
Feb 3 13:58:12 dansguardian[51970]: Error binding server socket (is something else running on the filter port and ip? Feb 3 13:58:12 dansguardian[51970]: Error binding socket: [135264876 :: 0] (Bad file descriptor) Feb 3 13:57:37 dansguardian[33681]: Exiting with error Feb 3 13:57:37 dansguardian[33681]: Error binding server socket (is something else running on the filter port and ip? Feb 3 13:57:37 dansguardian[33681]: Error binding socket: [135264876 :: 0] (Bad file descriptor) Feb 3 13:57:22 dansguardian[59298]: Exiting with error Feb 3 13:57:22 dansguardian[59298]: Error binding server socket (is something else running on the filter port and ip? Feb 3 13:57:22 dansguardian[59298]: Error binding socket: [135264876 0.0.0.0 0] (Bad file descriptor) Feb 3 13:56:59 dansguardian[9179]: Exiting with error Feb 3 13:56:59 dansguardian[9179]: Error binding server socket (is something else running on the filter port and ip? Feb 3 13:56:59 dansguardian[9179]: Error binding socket: [135264876 192.168.0.1 0] (Bad file descriptor)
-
Just pushed 0.1.4 version with
-
Include missing blockedflash.swf (thanks cino)
-
Include ip based list tab
-
-
IP tab works good! Was able to put the whole subnet in the default and add some within the range to the filtered group.
Have you ever seen this error yet when restarting the service after a reinstall
dansguardian[23364]: Error binding ipc server file (try using the SysV to stop DansGuardian then try starting it again or doing an 'rm /tmp/.dguardianipc').
squid account doesn't have permission to the /tmp dir i'm thinking… or it does but the /tmp gets deleted on every reboot i believe. i change the permission for a quick fix but also a reboot seems to solve it but it does come back here and there.
-
Have you ever seen this error yet when restarting the service after a reinstall
dansguardian[23364]: Error binding ipc server file (try using the SysV to stop DansGuardian then try starting it again or doing an 'rm /tmp/.dguardianipc').
squid account doesn't have permission to the /tmp dir i'm thinking… or it does but the /tmp gets deleted on every reboot i believe. i change the permission for a quick fix but also a reboot seems to solve it but it does come back here and there.
This is related to dansguardian process user.
As clamav socket and dansguardian must be run by the same user, I read clam user from conf and assign it to dansguardian. This user translation generates ipc file error.
Maybe a better uninstall script solve this.Is it happening just on reinstalls or every time?