Skip to main content

HOWTO setup Squid Proxy & DansGuardian Internet Content Filter in ubuntu and fedora

For Ubuntu
Installing Apache
$ sudo aptitude install apache2
Setting a Static IP Address
Now make sure that you have a static IP address
$ sudo vi /etc/network/interfaces
And change the following (bold) to match your network
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet
static
address 192.168.1.2
netmask 255.255.255.0
gateway 192.168.1.1
Press Esc then :wq to save and exit. After saving the file, you must now restart the networking process
$ sudo /etc/init.d/networking restart

Installing and Configuring Squid
Install the Squid Proxy Server
$ sudo aptitude install squid
If you want to change the default port that squid listens on [3128], change the http_port tag using vi, making a backup copy first
$ sudo cp /etc/squid/squid.conf /etc/squid/squid.conf_backup
$ sudo vi /etc/squid/squid.conf
change the line
#http_port 3128
to (or just add the line)
http_port 8080

OK, now we'll setup who is allowed access to the proxy. Find the http_access section (should start around line 1860) Uncomment these 2 lines and add your network allocations
acl our_networks src 192.168.1.0/24 192.168.2.0/24
http_access allow our_networks
Note: If you get a startup error 'FATAL: Could not determine fully qualified hostname. Please set visible_hostname' you will also need to modify the visible_hostname tag
visible_hostname localhost
Save the file and close (Esc :wq).

Installing and Configuring DansGuardian
To install DansGuardian, use the following command
$ sudo aptitude install dansguardian
Note: if you get an error "Couldn't find any package whose name or description matched "dansguardian""...try
$ sudo gedit /etc/apt/sources.list
Add this lines:
# deb http://pt.archive.ubuntu.com/ubuntu/ jaunty universe
# deb -src http://pt.archive.ubuntu.com/ jaunty universe
then
$ sudo apt-get update
$ sudo aptitude install dansguardian
Once the package is installed, edit the following lines in the conf file to match, this will set DansGuardian to do basic filtering and use Squid as its proxy server.
# UNCONFIGURED
filterip =
filterport = 8080
proxyip = 127.0.0.1
proxyport = 3128
To configure banned/exception sites based on either phrases, ip addresses, urls, mime type, etc… you would need to edit one of the following files. All files are located in /etc/dansguardian/
bannedextensionlist
bannediplist
bannedmimetypelist
bannedphraselist
bannedregexpurllist
bannedsitelist
bannedurllist
banneduserlist

exceptioniplist
exceptionphraselist
exceptionsitelist
exceptionurllist
exceptionuserlist
exceptionvirusextensionlist
exceptionvirusmimetypelist
exceptionvirussitelist
exceptionvirusurllist

Restarting Squid and DansGuardian
Whenever a file is edited, it is good practice to restart both Squid and DansGuardian services by using the following commands
$ sudo /etc/init.d/dansguardian stop
$ sudo /etc/init.d/squid stop
$ sudo /etc/init.d/squid start
$ sudo /etc/init.d/dansguardian start

## to see if the service is running
$ ps –e | grep dansguardian
Now that Squid and DansGuardian are configured, test it by setting up your browser to use the proxy server with port 8080.




For Fedora

All of the commands are done from Terminal.
1. In Terminal log into root with the su - command and type your root password. The space - after su is necessary to get root's path.
su -
2. In Terminal enter the following command to install Squid.
yum install squid -y
3. Find out your DNS nameserver by entering in Terminal the following command:
cat /etc/resolv.conf
In my case the screen output showed:
nameserver 192.168.1.1
Another way you can find out your DNS nameserver is by entering from Terminal in Root:
ip route
and seeing the output on the second line.

Remember the nameserver value because you need to add it to the squid.conf file.
4. In your favorite text editor (I use gedit) open up /etc/squid/squid.conf. Find the line that says
http_port 3128
and add 127.0.0.1: before 3128 and the word transparent after 3128 so that it looks like this:
http_port 127.0.0.1:3128 transparent
5. Find the line
#cache_effective_user squid
Remove the hash mark in front of it, and under that line, add:
cache_effective_group squid
The two lines should therefore look like this:
cache_effective_user squid
cache_effective_group squid
6. At the end of the file, type
dns_nameservers
followed by a space and enter the value of the namerserver of your machine. In my case the last line looks like this:
dns_nameservers 192.168.1.1
7. Note: In Fedora 11 Preview on June 3, 2009, I also had to add to squid.conf the line:
visible_hostname = myhostname
or Squid would not start.
8. Save the file and exit the text editor.
9. Go to http://dag.wieers.com/rpm/packages/dansguardian/ and download the latest Dansguardian that matches your CPU architecture, either the .i386.rpm or the .x86_64.rpm.
10. In your favorite text editor, open /etc/dansguardian/dansguardian.conf
11. Search for the word filterip and edit that line adding 127.0.0.1 after filterip = so it looks like this:
filterip = 127.0.0.1
12. Search for the words daemonuser and daemongroup. Remove the hash marks before them, and change the word 'nobody' between the single quote marks to the word 'squid'. It should look like this:
daemonuser = 'squid'
daemongroup = 'squid'
13. Save the file and exit the editor program.
14. Setup Iptables with the following commands:
iptables -t nat -A OUTPUT -p tcp --dport 80 -m owner --uid-owner squid -j ACCEPT
iptables -t nat -A OUTPUT -p tcp --dport 3128 -m owner --uid-owner squid -j ACCEPT
iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports 8080
iptables -t nat -A OUTPUT -p tcp --dport 3128 -j REDIRECT --to-ports 8080
iptables-save > /etc/sysconfig/iptables
service iptables restart
15. Change ownership of two directories with the following commands:
chown -R squid /var/log/dansguardian
chgrp -R squid /var/log/dansguardian
chown -R squid /var/spool/squid
16. Enter the following commands:
chkconfig httpd on
chkconfig squid on
chkconfig dansguardian on
service squid start
service dansguardian start
17. If you use Gnome, enter in Terminal:
gnome-network-preferences
In the Network Proxy Preferences click on Manual proxy configration to put a dot in the circle. Enter the value of 127.0.0.1 in the HTTP proxy section. The Port should already have the value of 8080. You need to do this in order for your browser, Yum, PackageManager, Gnome Weather, Google earth and any other application that uses the HTTP port to be able to connect to the Internet after doing all of the above. I'm sure KDE has some similar system proxy configuration GUI.


If you get an error message that either Squid or Dansguardian could not start, the most likely reason is ownership was not set correctly as mentioned in point 6. I had to manually change ownership to Squid for it to work. The ownership was previously a number: 501.

Note that unless both Squid and Dansguardian are running after you make changes to Iptables and restart it, you won't be able to access any Internet content at all! After Internet traffic is set with Iptables to go through Squid and Dansguardian, both must be running properly or you won't have any Internet access whatsoever until you either fix the problem or reset Iptables as it was by default.

Dansguardian would not permit me to download even compressed files after it was up and running. I had to edit the configuration files in /etc/dansguardian/ in order to permit Dansguardian to allow the download of certain files. Specifically I put hash (#) marks in front of certain lines in /etc/dansguardian/bannedextensionlist and /etc/dansguardian/bannedmimetypelist. Of course these files can only be edited with root access and so unless one knows the root password, I do not see how anyone can undermine Dansguardian's effectiveness.

For more and original post for fedora see http://linux.jamesjpn.com/how-to/dansguardian-install.html

Comments

Popular posts from this blog

How to install Skype on Ubuntu 10.04 Lucid Lynx

UPDATE: Skype has now been uploaded to the "partner" official Ubuntu 10.04 Lucid Lynx repository. See Install Skype in Ubuntu 10.04 Lucid Lynx from official partner repository Command Line way Get the package: For 32-bit $ wget http://www.skype.com/go/getskype-linux-beta-ubuntu-32 For 64-bit $ wget http://www.skype.com/go/getskype-linux-beta-ubuntu-64 You will need to install the following libraries. $ sudo apt-get install libqt4-dbus libqt4-network libqt4-xml libasound2 Now install skype(the file u just downloaded, may be named intrepid-ibex) $ sudo dpkg -i skype-XXXXXXXXXXXX.deb If you still get some dependency error then just type the command below $ sudo apt-get -f install this will install the dependencies and the skype. Non - Terminal Download the setup 32 -bit 64 -bit You will these packages: libqt4-dbus libqt4-network libqt4-xml . Goto Synaptic manager and install them. Now Launch the Skype install .deb file (just double click it) and follow the on screen prompts....

gtalx: Howto Gtalk in ubuntu ( google talk )

Did you fail to use " gtalk in ubuntu " ... Now you can chat and talk to your gmail buddies in ubuntu... 1. check for gtk2.0 and qt4 $ sudo apt-get install libgtk2.0-dev $ sudo apt-get install libqt4-dev libogg-dev libtheora-dev $ sudo apt-get install libsdl-dev libavcodec-dev libswscale-dev $ sudo apt-get install libexpat-dev libraw1394-dev libvorbis-dev $ sudo apt-get install libgsm1-dev  libspeexdsp-dev libmediastreamer0-dev libortp-dev 2. Remove 'pulse audio sound server' Open synaptic package manager and remove pulse audio 3. "Download gtalx" from here Dowload it here 4. Extract the file.... $ tar -zxvf 0.0.4.tar.gz 5. Get into the directory.... $ cd 0.0.4 and then... $ sudo chmod u+x make $ ./make $ sudo ./make install 6. Enjoy..... Please comment about your installation(whether it was a success or not....) Take gtalx from Applications > Internet > gtalx Enter your gmail login information..and click connect... ...

How to install Skype on Ubuntu 9.10 Karmic Koala

The two methods  below doesn't work now. Please see http://blog.dipinkrishna.info/2009/11/how-to-download-and-install-skype-for_3060.html for a successfull installation of skype on ubuntu. I have provided two methods. Please do comment which one is successful. Follow these steps to install skype in ubuntu 9.10 (64 bit).         First add:             deb http://packages.medibuntu.org/ karmic free non-free         to your source.list Now open a terminal and type: $ sudo wget http://www.medibuntu.org/sources.list.d/hardy.list -O /etc/apt/sources.list.d/medibuntu.list Then do an update: $ sudo apt-get update $ sudo apt-get --yes -q --allow-unauthenticated install medibuntu-keyring $ sudo apt-get -q update And finally install Skype. $ sudo apt-get install skype Ready ... now start skype with $ skype OR Download the setup 32 -bit 64 -bit Launch the Skype i...