Basic dansguardian + squid help?



  • I've been using pfSense at home for a few years between my cable modem and router, and now that I've given an android tablet to one of the kids I want to use content filtering. So I need to set up DansGuardian and Squid.
    I've set up Squid as a transparent proxy using these instructions, and it seems to be running properly.
    I've set up DansGuardian, then set pfSense to forward all traffic through port 8080. I have a few questions.

    1. Squid and Dansguardian listening interfaces. I've set Squid to LAN and DansGuardian to Loopback. Is this correct?
    2. DansGuardian RegExp for search engines. I'd like to use the RegExps to enforce SafeSearch, like these. Where do I put these in the pfSense DansGuardian UI?
    3. Blocked pages just time out after 30 seconds. There doesn't seem to be an informative error/block page.

    Is there a good how-to for the basic user to set up Squid + DansGuardian (assuming they're already successfully running pfSense)? I haven't seen a recent one. (there's this one from when DG wasn't yet a package)

    Is there also a good how-to for configuring DansGuardian? I've seen them for use from the cli of various linux flavors, but not for the pfSense UI.

    Thank you for any help, I'd really like to have (or compile) a simple how-to so that I could share it with friends or here on the forum.

    Ari



  • @adoucette:

    I've been using pfSense at home for a few years between my cable modem and router, and now that I've given an android tablet to one of the kids I want to use content filtering. So I need to set up DansGuardian and Squid.
    I've set up Squid as a transparent proxy using these instructions, and it seems to be running properly.
    I've set up DansGuardian, then set pfSense to forward all traffic through port 8080. I have a few questions.

    First… I'll put in a shameless plug. I've created a re-branded variant of pfSense called "Integrity" that is purely focused on the home user wanting to do content filtering and time-based internet access. If you want to take a look at it, I've put the files (including the beginnings of a user manual) on my public dropbox at https://www.dropbox.com/sh/y3qoeiyxnvxl8c1/AAAn5sXHs02PvKyTz-3p34PAa?dl=0. The manual gives you a lot of screenshots and an explanation of how it works. I've replaced several of the default pfSense screens and eliminated many others in order to make it simpler for the home market. However, all of the default pfSense code is still there. You can navigate to any of the pfSense screens by simply typing the URL. In addition, I've created two types of install - an appliance install that is much simpler and eliminates many of the pfSense menu items, and a "base" install that sets everything up (including dansguardian, squid, etc.) and leaves all of the pfSense menus. If you want to see it in action, I've also put a couple of VirtualBox VMs on dropbox.

    @adoucette:

    1. Squid and Dansguardian listening interfaces. I've set Squid to LAN and DansGuardian to Loopback. Is this correct?

    Dans should be listening on LAN. Squid on the loopback.

    @adoucette:

    2. DansGuardian RegExp for search engines. I'd like to use the RegExps to enforce SafeSearch, like these. Where do I put these in the pfSense DansGuardian UI?

    It's under "ACL's" then "URL Lists" then the "modify" config section. You can search this forum or Google for regular expressions to force safesearch.

    @adoucette:

    3. Blocked pages just time out after 30 seconds. There doesn't seem to be an informative error/block page.

    Not sure on this one… Dans has a configurable block page and even a bypass feature that can be configured on the "Report and Log" tab. I wasn't happy with how it worked... it allows a source IP through Dans without filtering, but the IP still gets redirected. The problem is that the redirection to Dans can sometimes cause things to fail. As a result, I created something that removes the redirect to Dans for a limited period of time... Basically a page comes up, asks you for an ID/password and then allows the IP (if authenticated) to bypass Dans completely for a time period (i.e. stops redirecting the IP to Dans).

    @adoucette:

    Is there a good how-to for the basic user to set up Squid + DansGuardian (assuming they're already successfully running pfSense)? I haven't seen a recent one. (there's this one from when DG wasn't yet a package)

    Is there also a good how-to for configuring DansGuardian? I've seen them for use from the cli of various linux flavors, but not for the pfSense UI.

    Unfortunately, I haven't gotten around to completing the dansguardian part of the Integrity manual. However, there is a very good dansguardian config tutorial online at http://contentfilter.futuragts.com/wiki/doku.php?id=main_index&DokuWiki=8e8958b1bf501705615c34ef06530f0f - it should tell you most of what you need to know and it isn't difficult to tie back to the screens in pfSense.
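
Added example, not part of the thread or of pfSense: a check that the listener layout matches the answer above (DansGuardian on LAN, Squid on loopback, DansGuardian forwarding to Squid). It assumes the standard `dansguardian.conf` keys `filterip`, `filterport`, `proxyip`, `proxyport` and Squid's `http_port`, and IPv4 only; the sample addresses and port 3128 are constructed.

```python
import ipaddress

# Constructed sample configs (not from the thread); 192.168.1.1 stands in for the LAN address.
DG_CONF = """\
filterip = 192.168.1.1
filterport = 8080
proxyip = 127.0.0.1
proxyport = 3128
"""
SQUID_CONF = """\
http_port 127.0.0.1:3128
"""

def parse_dansguardian(text):
    """Return key -> value for 'key = value' lines, ignoring comments and quotes."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip().strip("'\"")
    return conf

def squid_listeners(text):
    """Return (ip, port) per http_port line; a bare port means all interfaces."""
    listeners = []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0] == "http_port":
            host, _, port = parts[1].rpartition(":")
            listeners.append((host or "0.0.0.0", int(port)))
    return listeners

def check_chain(dg_text, squid_text):
    """Return a list of problems with the client -> DansGuardian -> Squid chain."""
    dg = parse_dansguardian(dg_text)
    squid = squid_listeners(squid_text)
    problems = []
    if dg.get("filterip") and ipaddress.ip_address(dg["filterip"]).is_loopback:
        problems.append("DansGuardian listens on loopback; LAN clients cannot reach the filter")
    for ip, port in squid:
        if not ipaddress.ip_address(ip).is_loopback:
            problems.append(f"Squid listens on {ip}:{port}; clients can reach it without filtering")
    upstream = (dg.get("proxyip"), int(dg.get("proxyport") or 0))
    if upstream not in squid:
        problems.append("DansGuardian proxyip/proxyport does not match any Squid http_port")
    return problems
```

An empty result from `check_chain` means the layout matches the answer; the reversed layout from the original question produces two findings.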



  • Thanks, that helped. I believe my main issue was having each listen on the proper interface.
    I'll keep an eye out for your product so that, when released, some friends could consider it.



  • Honestly, I wasn't planning to release it as a product. Creating it has been primarily something that I've done for fun and I've offered to set it up for people as a ministry. If it is something you (or your friends) would be interested in I'd be happy to set up a box at cost. Likewise, you could simply download and use the install scripts from my dropbox site and do it yourself.

