Installing Apache$ sudo aptitude install apache2Setting a Static IP Address
Now make sure that you have a static IP address$ sudo vi /etc/network/interfacesAnd change the following (bold) to match your network# This file describes the network interfaces available on your systemPress Esc then :wq to save and exit. After saving the file, you must now restart the networking process
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
auto eth0
iface eth0 inet static
address 192.168.1.2
netmask 255.255.255.0
gateway 192.168.1.1$ sudo /etc/init.d/networking restart
Installing and Configuring Squid
Install the Squid Proxy Server$ sudo aptitude install squidIf you want to change the default port that squid listens on [3128], change the http_port tag using vi, making a backup copy first$ sudo cp /etc/squid/squid.conf /etc/squid/squid.conf_backupOK, now we'll setup who is allowed access to the proxy. Find the http_access section (should start around line 1860) Uncomment these 2 lines and add your network allocations
$ sudo vi /etc/squid/squid.conf
change the line
#http_port 3128
to (or just add the line)
http_port 8080acl our_networks src 192.168.1.0/24 192.168.2.0/24Note: If you get a startup error 'FATAL: Could not determine fully qualified hostname. Please set visible_hostname' you will also need to modify the visible_hostname tag
http_access allow our_networksvisible_hostname localhostSave the file and close (Esc :wq).
Installing and Configuring DansGuardian
To install DansGuardian, use the following command$ sudo aptitude install dansguardianNote: if you get an error "Couldn't find any package whose name or description matched "dansguardian""...try$ sudo gedit /etc/apt/sources.listOnce the package is installed, edit the following lines in the conf file to match, this will set DansGuardian to do basic filtering and use Squid as its proxy server.
Add this lines:
# deb http://pt.archive.ubuntu.com/ubuntu/ jaunty universe
# deb -src http://pt.archive.ubuntu.com/ jaunty universe
then
$ sudo apt-get update
$ sudo aptitude install dansguardian# UNCONFIGUREDTo configure banned/exception sites based on either phrases, ip addresses, urls, mime type, etc… you would need to edit one of the following files. All files are located in /etc/dansguardian/
filterip =
filterport = 8080
proxyip = 127.0.0.1
proxyport = 3128bannedextensionlist
bannediplist
bannedmimetypelist
bannedphraselist
bannedregexpurllist
bannedsitelist
bannedurllist
banneduserlist
exceptioniplist
exceptionphraselist
exceptionsitelist
exceptionurllist
exceptionuserlist
exceptionvirusextensionlist
exceptionvirusmimetypelist
exceptionvirussitelist
exceptionvirusurllist
Restarting Squid and DansGuardian
Whenever a file is edited, it is good practice to restart both Squid and DansGuardian services by using the following commands$ sudo /etc/init.d/dansguardian stopNow that Squid and DansGuardian are configured, test it by setting up your browser to use the proxy server with port 8080.
$ sudo /etc/init.d/squid stop
$ sudo /etc/init.d/squid start
$ sudo /etc/init.d/dansguardian start
## to see if the service is running
$ ps –e | grep dansguardian
For Fedora
All of the commands are done from Terminal.
1. In Terminal log into root with the su - command and type your root password. The space - after su is necessary to get root's path.su -2. In Terminal enter the following command to install Squid.yum install squid -y3. Find out your DNS nameserver by entering in Terminal the following command:cat /etc/resolv.confIn my case the screen output showed:nameserver 192.168.1.1Another way you can find out your DNS nameserver is by entering from Terminal in Root:ip routeand seeing the output on the second line.
Remember the nameserver value because you need to add it to the squid.conf file.
4. In your favorite text editor (I use gedit) open up /etc/squid/squid.conf. Find the line that sayshttp_port 3128and add 127.0.0.1: before 3128 and the word transparent after 3128 so that it looks like this:http_port 127.0.0.1:3128 transparent5. Find the line#cache_effective_user squidRemove the hash mark in front of it, and under that line, add:cache_effective_group squidThe two lines should therefore look like this:cache_effective_user squid6. At the end of the file, type
cache_effective_group squiddns_nameserversfollowed by a space and enter the value of the namerserver of your machine. In my case the last line looks like this:dns_nameservers 192.168.1.17. Note: In Fedora 11 Preview on June 3, 2009, I also had to add to squid.conf the line:visible_hostname = myhostnameor Squid would not start.
8. Save the file and exit the text editor.
9. Go to http://dag.wieers.com/rpm/packages/dansguardian/ and download the latest Dansguardian that matches your CPU architecture, either the .i386.rpm or the .x86_64.rpm.
10. In your favorite text editor, open /etc/dansguardian/dansguardian.conf
11. Search for the word filterip and edit that line adding 127.0.0.1 after filterip = so it looks like this:filterip = 127.0.0.112. Search for the words daemonuser and daemongroup. Remove the hash marks before them, and change the word 'nobody' between the single quote marks to the word 'squid'. It should look like this:daemonuser = 'squid'13. Save the file and exit the editor program.
daemongroup = 'squid'
14. Setup Iptables with the following commands:iptables -t nat -A OUTPUT -p tcp --dport 80 -m owner --uid-owner squid -j ACCEPT15. Change ownership of two directories with the following commands:
iptables -t nat -A OUTPUT -p tcp --dport 3128 -m owner --uid-owner squid -j ACCEPT
iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports 8080
iptables -t nat -A OUTPUT -p tcp --dport 3128 -j REDIRECT --to-ports 8080
iptables-save > /etc/sysconfig/iptables
service iptables restartchown -R squid /var/log/dansguardian16. Enter the following commands:
chgrp -R squid /var/log/dansguardian
chown -R squid /var/spool/squidchkconfig httpd on17. If you use Gnome, enter in Terminal:
chkconfig squid on
chkconfig dansguardian on
service squid start
service dansguardian startgnome-network-preferencesIn the Network Proxy Preferences click on Manual proxy configration to put a dot in the circle. Enter the value of 127.0.0.1 in the HTTP proxy section. The Port should already have the value of 8080. You need to do this in order for your browser, Yum, PackageManager, Gnome Weather, Google earth and any other application that uses the HTTP port to be able to connect to the Internet after doing all of the above. I'm sure KDE has some similar system proxy configuration GUI.
If you get an error message that either Squid or Dansguardian could not start, the most likely reason is ownership was not set correctly as mentioned in point 6. I had to manually change ownership to Squid for it to work. The ownership was previously a number: 501.Note that unless both Squid and Dansguardian are running after you make changes to Iptables and restart it, you won't be able to access any Internet content at all! After Internet traffic is set with Iptables to go through Squid and Dansguardian, both must be running properly or you won't have any Internet access whatsoever until you either fix the problem or reset Iptables as it was by default.
Dansguardian would not permit me to download even compressed files after it was up and running. I had to edit the configuration files in /etc/dansguardian/ in order to permit Dansguardian to allow the download of certain files. Specifically I put hash (#) marks in front of certain lines in /etc/dansguardian/bannedextensionlist and /etc/dansguardian/bannedmimetypelist. Of course these files can only be edited with root access and so unless one knows the root password, I do not see how anyone can undermine Dansguardian's effectiveness.
For more and original post for fedora see http://linux.jamesjpn.com/how-to/dansguardian-install.html
Comments