Pfsense GUI & Dansguardian woes …
-
I've installed dozensnof times and never had the problems you are describing. Can you provide any info about the setting changes you are making? Can you provide any squid or DG logs?
-
OK have removed DG and Squid, re-installed DG and Squid 3.1.2. via the web GUI,
It is working, browsers pointed at the proxy are filtered.
Using the web GUI in Services, Dansguardian, Report, I edited the report file (html template page announcing the site is blocked) to put our organization name in replacing the place holder, saved the file, but users still see the old template, even though the web GUI shows the file as changed.
Seems the file I edit in the GUI is not the one DG is using?
How do I fix that? (I would like to be able to do it from the GUI.)
TIA
-
I assume you've cleared the browser history and made sure it is not just a client (browser) side issue? Double check that first…
However, you are correct about the GUI not editing the file "in place". The GUI saves what you edit as an encoded string in the config.xml file and then also updates the file on disk. It's possible that something is keeping it from writing the file to disk. I'll try to look tonight if you are still having the problem.
-
And now I no longer can access the internet, just tried through the DG/Squid proxy.
It worked yesterday, I haven't made any changes to either the workstation, browser, or the DG/Squid host machine. I just cleared the browser cache (Chrome latest version) and still no go.
In the gui, I added added to DG's ACL blocked list a new site, and immediately it took effect (browsing machine got back the site blocked page), but for unblocked sites it times out. So DG seems to be working, but is not getting out through squid?
Not sure what to do next, any suggestions?
-
https://forum.pfsense.org/index.php?topic=73075.msg398731#msg398731
-
1.) Validate that Squid and Dans are both running… If so...
According to the webgui, both are.2.) Try connecting the browser (via explicit proxy settings) to squid and make sure you can get out... If so...
Fails here - set squid to listen on the lan interface at port 3129, changed the browser proxy settings, and it times out.Browser reports:
The following error was encountered while trying to retrieve the URL: http://www.badboys.com/
Unable to determine IP address from host name www.badboys.com
The DNS server returned:
Timeout
This means that the cache was not able to resolve the hostname presented in the URL. Check if the address is correct.Your cache administrator is admin@localhost.
Generated Thu, 10 Apr 2014 18:30:40 GMT by localhost (squid/3.1.22)
Now what?Oops - went back in the web gui to DG and changed the ip address of the proxy server (squid) to the ip of the LAN card (from localhost 127.0.0.1) and now it works.
But this makes no sense (because DG is listening on port 8080) does it?
OK on to step 3
3.) Try connecting the browser (via explicit proxy settings) to dans and make sure you can get out… If so...
Did this (same settings as before the problem started) and now it works!4.) Add the redirect rule and delete your browser proxy settings.
I assume this if for setting it as a transparent proxy, I am not using transparent here, the win7 workstations are all pointed at the proxy via internet options in control panel.This is maddening, why is it working once again, and for how long?
-
And I still can't edit the DG report template - changes I make in the webgui don't take effect.
(Although any changes I make in the webgui to the banned list in DG ACL take effect immediately.)
(And since DG/squid started working once again - the page now showing up when an attempt to visit a banned site is blocked is NOT the default anymore, but is one from an earlier install/remove!)
Can anyone figure this out?
-
For the banned page, my guess is that you have somehow gotten the page in the GUI (which is saved in the config.xml) out of sync with the one that is stored on disk (and actually used by DG). Anyway… it can get a little confusing. Bottom line is that I'm not sure why as you edit it in the GUI it is (apparently) not updating the file stored on disk.. I'll figure out where that file is stored and you could validate that it is (or is not) being updated.
In the interim, I believe the one from the GUI (stored in config.xml) would be re-applied if you reboot the machine.
-
I rebooted from the GUI, but I am still seeing the same banned page (browser cache cleared), not the one that the GUI shows.
I did notice on the reboot that as it shut down this message briefly flashed on the console
"find: /tmp/* :no such file or directory"
although when the system came back up and I typed it (find /tmp/) at the shell prompt I get a listing of items in a tmp directory, note that typing "find: /tmp/" tells me too many arguments are being used.
I rebooted again (2nd time), same "find: /tmp/* :no such file or directory" message appeared on shut down, and same banned page in the browser after system came up (again browser cache was cleared).
Does that have any significance?
-
The HTML template file is saved as "/usr/local/share/dansguardian/languages/ukenglish/template.html" (assuming you are using english as the language). This is a symbolic link to "/usr/pbi/dansguardian-amd64/share/dansguardian/languages/ukenglish/template.html"
Can you check that this file is being updated when you save the template via the GUI? It seems to be saving fine on my test machine…
-
The template at the symbolic link "/usr/local/share/dansguardian/languages/ukenglish/template.html" is the one in the GUI I edited/want, but the one at "/usr/pbi/dansguardian-amd64/share/dansguardian/languages/ukenglish/template.html" is the one being shown in the browser.
Now what?
TIA
-
Not sure what is going on here or how this happened. There should be a symbolic link named "/usr/local/share/dansguardian/languages/ukenglish/template.html" that points to the file in the /usr/pbi… directory. If that is not a symbolic link, then you should probably delete the file and create the symbolic link....
-
How do I delete/recreate a symbolic link? (or how do I fix the problem?)
(newbie at FreeBSD)
-
You'll need to get to the command prompt - either at the console or ssh to the box… then...
cd /usr/local/share/dansguardian/languages/ukenglish/ rm template.html ln -s /usr/pbi/dansguardian-amd64/share/dansguardian/languages/ukenglish/template.html template.html
Check that the link is created and pointing to the file by doing
ls -al template.html
The go back in the GUI and make your changes… should work.
-
Worked perfectly, I can edit the template, save, and the changes take effect immediately!
Many thanks for your help.
The DG/Squid combo appears to be working nicely now, I don't notice any browsing difference going through the proxy compared to a direct connection except of course the filtering - but I am only 1 user. Monday I'll point a group of students at it - that's when the problems began last few times with timeouts, slowness, etc.. Hopefully it won't this time.
Again, thanks for your help.