E2guardian package for pfsense - $??
-
You can install it manually, but I wouldn't suggest it. The way it stands now it's not all that stable. I would suggest (and it's what I did) installing E2Guardian on something like Ubuntu, then using NAT to point all traffic at the second box running E2Guardian. Then E2Guardian can point all traffic back to the PFSense box and Squid will proxy and send it on. That's the most stable way of setting up for now. It's not the best because configs are a pain, but it's more stable.
Can you send me a configuration file example for e2g, squid and NAT (screenshot) to follow your suggestion?
By the way, is the NAT the one at Ubuntu or the one at pfsense (newbie question)?
I don't have all that together, but it's pretty easy to set up a NAT on PFSense for all port 80 traffic to get routed to your E2Guardian box. Then you set up E2Guardian to point at SquidProxy running on PFSense. The setup of E2Guardian can be found online fairly easily. All you're doing with PFSense is funneling traffic through the E2Guardian box with NAT and then back out through Squid.
https://www.linux.com/learn/filter-content-your-home-network-e2guardian
Once you have E2Guardian installed, edit ./etc/E2Guardian/E2Guardian.conf. Change the Proxy IP and the Proxy port to match your PFSense Firewall and SquidProxy. After that it's just a matter of editing the configs for E2Guardian, which I admit is much harder than the PFSense plugin.
-
Is there any news on this? I'm more than happy to throw £20 at it - I really need content filtering on my network. I installed pfsense today primarily because I'd been told that dansguardian was a "one click install" only to discover that it isn't anymore…
-
Can I use this pkg to follow the manual installation procedure with Marcello codes?
You should be able to use the manual instructions from the 3.0.4 version, but I have not tried it. Let us know how it goes.
Currently I am working with Captive Portal problems, but as soon as I try it, I will post my findings here.
Since I am doing my test on VMs I created a VM Clone to test the e2g manual install.
I did the install and it seems OK. But after making changes to the configuration, it shows a message saying that I must apply for the changes to take effect. I do not find an Apply button so I do not know how to do the apply.
Also the service does not start (probably because it is the first time and changes need to be applied). Anyway, I do not see e2g errors in the system log. I do see e2g logs about saved changes being made.
I would really appreciate it if someone could shed some light.
-
I tried asking the same question for Dansguardian and it seems that to apply the changes one just has to restart the service.
Since the service did not start through the GUI, I looked for a way to do it manually. I found that other services are in /usr/local/sbin, so I looked for e2g there and it was. So I went to the shell and executed ./e2guardian without parameters and it executed showing no errors, so I guess it ran successfully. I went to Services Status and e2g appeared as Running. I then did Restart in the GUI and it seemed that it worked. I tried to Stop the service using the GUI but it did not stop. Both times I went to the System Logs but they did not show any logs for e2g service start/restart/stop.
Then I went to the shell again and tried to stop the service with "./e2guardian stop" but it did not work; it gives me a notice that it is running. So I do not know how to stop it and do not know if Restart is really working.
-
I found in a Dansguardian thread how to stop the service: "./e2guardian -q" in the shell. Then to start, do "./e2guardian". How to restart in one command I still have not found. When I execute ./e2guardian again it says it is already running; that message is shown in the System Logs, but stopping/starting is not shown. That is probably why the restart is not shown either.
If anyone knows how to turn on logging of e2g start/stop in the System Logs, it will be appreciated.
-
I confirm the GUI Restart does not work. I made a change and it didn't pick up the changes when restarting using the GUI. I had to go to the shell and manually stop then restart to apply.
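The manual stop-then-start sequence from the posts above, wrapped into a single restart command that also writes each step to syslog. This is an added example, not code from the thread or from the pfSense package; the function names and the E2G_BIN variable are assumptions, while the binary path and the -q flag are the ones reported above.

```shell
#!/bin/sh
# Added example (not from the thread or the pfSense package).
# Uses only the two invocations reported in the thread:
#   e2guardian -q   stops the running daemon
#   e2guardian      starts it
# E2G_BIN and the function names are assumptions of this example.
E2G_BIN="${E2G_BIN:-/usr/local/sbin/e2guardian}"

# True while a process named exactly "e2guardian" exists.
e2g_running() {
    pgrep -x e2guardian >/dev/null 2>&1
}

# Record the action in syslog so start/stop events can be found later.
e2g_log() {
    logger -t e2guardian "$1" 2>/dev/null || true
}

# e2g_restart [timeout_seconds]
# Returns 0 on success, 2 if the old daemon is still running after the
# timeout, 3 if the new daemon did not come up.
e2g_restart() {
    timeout="${1:-15}"
    if e2g_running; then
        "$E2G_BIN" -q || e2g_log "stop command returned non-zero"
        # Wait for the old process to exit before starting a new one;
        # starting too early only yields the "already running" notice.
        while e2g_running; do
            if [ "$timeout" -le 0 ]; then
                e2g_log "manual restart aborted: old process still running"
                return 2
            fi
            sleep 1
            timeout=$((timeout - 1))
        done
        e2g_log "stopped by manual restart"
    fi
    "$E2G_BIN" || return 3
    sleep 1
    e2g_running || return 3
    e2g_log "started by manual restart"
}

# Run as: sh e2g-restart.sh restart
if [ "${1:-}" = "restart" ]; then
    e2g_restart
fi
```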
-
Is anyone working on getting an official package? Or is that what you are all doing?
-
After installing e2guardian from freebsd ports using the manual procedure it seems to be working OK (Not perfect), but it did not work with SSL.
I ran "./e2guardian -v". I did not see SSL support enabled. This is sad. :'(
The e2guardian 3.4 (current stable version) supports SSL; it should be compiled with SSL support enabled. I bet the majority of people are expecting the e2g package with SSL support enabled.
-
After installing e2guardian from freebsd ports using the manual procedure it seems to be working OK (Not perfect), but it did not work with SSL.
I ran "./e2guardian -v". I did not see SSL support enabled. This is sad. :'(
The e2guardian 3.4 (current stable version) supports SSL; it should be compiled with SSL support enabled. I bet the majority of people are expecting the e2g package with SSL support enabled.
Do you mind if you share how you got the e2guardian packaged from the freebsd ports? I've added the pkg manually like this:
pkg add http://pkg.freebsd.org/freebsd:10:x86:64/latest/All/e2guardian-3.4.0.3.txz
Fetching e2guardian-3.4.0.3.txz
But I'm not sure what to do after that… How do you even start it? If I type in "e2guardian" it says command not found.
-
I tried to install e2g manually, but the pfsense repository does not have the application. I looked for the application on pkg.freebsd.org but did not find the e2g version you are referring to. Where do I get it?
pkg add http://pkg.freebsd.org/freebsd:10:x86:64/latest/All/e2guardian-3.4.0.3.txz
This just installs the FreeBSD port, not the pfSense bits…
This is it.
-
Sorry. You have to perform the full manual install procedure. In this thread you can find a link some pages before.
-
You can install it manually, but I wouldn't suggest it. The way it stands now it's not all that stable. I would suggest (and it's what I did) installing E2Guardian on something like Ubuntu, then using NAT to point all traffic at the second box running E2Guardian. Then E2Guardian can point all traffic back to the PFSense box and Squid will proxy and send it on. That's the most stable way of setting up for now. It's not the best because configs are a pain, but it's more stable.
I'm thinking this is pretty much the only option if you want to inspect content with pfsense. Are there any cons to this kind of setup? Is there any overhead in routing if you are routing traffic first to the pfsense box, then to the e2guardian box, then back to the pfsense box? I would like to keep my network as fast as possible. How would traffic monitoring look? Would the pfsense box see all bandwidth being used by the e2guardian box or would it preserve the original IP of the host?
Thanks!
-
Sorry. You have to perform the full manual install procedure. In this thread you can find a link some pages before.
If you have not found the link for the manual install procedure:
http://knes1.github.io/blog/2015/2015-07-18-manually-installing-e2guardian-to-pfsense.html
-
I'm thinking this is pretty much the only option if you want to inspect content with pfsense. Are there any cons to this kind of setup? Is there any overhead in routing if you are routing traffic first to the pfsense box, then to the e2guardian box, then back to the pfsense box? I would like to keep my network as fast as possible. How would traffic monitoring look? Would the pfsense box see all bandwidth being used by the e2guardian box or would it preserve the original IP of the host?
Thanks!
Sorry, have been really busy… I'm sure there are some performance hits but if you want to do a transparent proxy it's your only real option in this type of a setup. If you can set up proxy settings on each client (group policies etc.), or a WPAD (https://en.wikipedia.org/wiki/Web_Proxy_Autodiscovery_Protocol), that would push traffic at your e2guardian box first and take a little load off the firewall. I don't think it's enough to matter unless you have LOTS of traffic though... All the proxied content still carries its origin IP addresses so traffic monitoring and the firewall will still show endpoint IP addresses, but if you're interested in your Squid logs they will show all traffic coming from e2guardian.
-
I discovered that e2guardian can be automatically started by adding 2 more steps to the manual install procedure ( http://knes1.github.io/blog/2015/2015-07-18-manually-installing-e2guardian-to-pfsense.html ).
1. Rename /usr/local/etc/rc.d/e2guardian to e2guardian.sh
2. Change the following text from NO to YES inside the file ": ${e2guardian_enable:=YES}"
Now the service can also be started and stopped from the services display.
For Step 8 of the manual install procedure, I suggest running the ssh commands as a bash shell script, but first bash must be installed:
pkg install bash
cp /usr/local/bin/bash /bin/
Make sure that you are in the following directory:
cd /root/pfsense-packages-be599ee41b2567459b1eaf55fff4ecb2ad3fa4ff/config/e2guardian/
Create a new file myscript.sh (I use winscp from Windows) with #!/bin/bash at the beginning and copy and paste all the commands from Step 8, save it, make it executable and execute it:
chmod +x myscript.sh
bash myscript.sh
For Step 9 there is a typo (purely cosmetic) for the menu xml. Change the 2 places of E2guradian to E2Guardian in the following lines for the menu to display correctly.
<menu>
<name>E2guradian</name>
<tooltiptext>E2guradian</tooltiptext>
<section>Services</section>
<configfile>e2guardian.xml</configfile>
</menu>
-
This thread from the e2guardian forum shows how to activate SSL support for FREEBSD using the ports.
The same procedure can be used to turn on other options that are turned off in the current package.
What I am missing is how to get e2guardian packaged with SSL support or another option turned on, to be able to install it in pfsense.
-
In the following thread you can find how to compile and package the e2guardian software for pfsense with the last FreeBSD ports version.
You can activate MITM SSL support and other options.
https://forum.pfsense.org/index.php?topic=115276.msg658813#msg658813
Some e2guardian configurations have to be made directly in the conf files. This presents a problem.
Every time you make configuration changes through the GUI and save, the custom/manual settings are removed.
I guess I will need to modify some of the scripts in order to keep the manual settings. This will present a challenge.
-
Maybe someone can modify the GUI scripts to include a custom text box field in the Groups section and the General section.
Such that in the custom box anyone could add the settings not implemented in the GUI.
For example the "nocheckcertsitelist" setting is not available for the Groups configuration.
I guess the e2guardian version the GUI was intended for did not have that setting available at the moment of programming it.
With the custom boxes the GUI can be extended to new versions by appending the box's text to the GUI generated configurations.
-
I've started fixing packages to 2.3. If postfix gets merged and works fine, e2guardian(on current port version) is on the list.
Marcelloc. I have not seen you comment in this thread since December/2015.
Could you evaluate making the changes I am suggesting?
https://forum.pfsense.org/index.php?topic=87526.msg661002#msg661002
-
I see that postfix was denied… My guess is he is out... I HOPE not, but... Someone else may have to take over the package. I'm a little disappointed since many people including myself donated money toward this package. I could understand if e2guardian was also denied, but as far as I know it's still just incomplete.
It's also possible that PFSense would deny this package as well. It's not as cumbersome as postfix is, but I don't know what direction they are moving since previously the postfix package was approved... :'(