howto: dansguardian for fedora

for a while now, i have been looking for a content filtering system for my own personal use. i did a little bit of research and i came up with dansguardian + squid. the original documentation is from James Japan's site. the documentation as is works great for a standalone pc, which was my original requirement.

and then i decided to add my laptop to the web content filtering system and discovered it wasn't working out at all. after a little troubleshooting i discovered a workaround.

below are the commands i used, stripped of all explanations, to easily recreate the system

#installing dans guardian #
#useful page #

yum -y install dansguardian squid

cp /etc/squid/squid.conf /etc/squid/squid.conf.original
cp /etc/dansguardian/dansguardian.conf /etc/dansguardian/dansguardian.conf.original

#squid's http_port line needs the port number as well as the transparent flag
sed -i 's/http_port 3128/http_port 3128 transparent/g' /etc/squid/squid.conf
echo "visible_hostname `hostname`" >> /etc/squid/squid.conf
cat >>/etc/squid/squid.conf << EOF
cache_effective_user squid
cache_effective_group squid
shutdown_lifetime 2 seconds
EOF

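#the address after "filterip =" is missing on this page; with filterip left empty dansguardian listens on all addresses
sed -i 's/filterip =/filterip =/' /etc/dansguardian/dansguardian.conf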
sed -i 's/#daemonuser = '\''dansguardian'\''/daemonuser = '\''squid'\''/g' /etc/dansguardian/dansguardian.conf
sed -i 's/#daemongroup = '\''dansguardian'\''/daemongroup = '\''squid'\''/g' /etc/dansguardian/dansguardian.conf

iptables -t nat -A OUTPUT -p tcp --dport 80 -m owner --uid-owner squid -j ACCEPT
iptables -t nat -A OUTPUT -p tcp --dport 3128 -m owner --uid-owner squid -j ACCEPT
iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports 8080
iptables -t nat -A OUTPUT -p tcp --dport 3128 -j REDIRECT --to-ports 8080

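#if this system is meant for a network, add the following rule to accept packets from the network
#(as written it accepts port 8080 from any source address; add -s with your network range to limit it)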
iptables -I INPUT -p tcp --dport 8080 -j ACCEPT

#save the new iptables
/etc/init.d/iptables save

chown -R squid /var/log/dansguardian
chgrp -R squid /var/log/dansguardian
chown -R squid /var/spool/squid

chkconfig httpd on
chkconfig squid on
chkconfig dansguardian on
service squid restart
service dansguardian restart
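
the four nat OUTPUT rules above only work in that order: the ACCEPT rules for traffic owned by squid must come before the REDIRECT rules, otherwise squid's own requests are sent back to dansguardian on port 8080. the following check is an added example, not part of the original commands; it assumes iptables-save prints squid's numeric uid after --uid-owner, and the sample rules with uid 23 are constructed.

```shell
#!/bin/bash
# Added example, not from the original post.
# check_nat_order OWNER  -- reads `iptables-save -t nat` text on stdin.
# OWNER is the value printed after --uid-owner (assumption: iptables-save
# prints the numeric uid of squid; 23 below is a constructed sample value).
check_nat_order() {
    awk -v owner="$1" '
    $1 == "-A" && $2 == "OUTPUT" {
        n++; port = uid = target = to = ""
        for (i = 3; i < NF; i++) {
            if ($i == "--dport")     port   = $(i + 1)
            if ($i == "--uid-owner") uid    = $(i + 1)
            if ($i == "-j")          target = $(i + 1)
            if ($i == "--to-ports")  to     = $(i + 1)
        }
        # remember the first exemption and the first catch-all redirect per port
        if (target == "ACCEPT" && uid == owner && !(port in acc)) acc[port] = n
        if (target == "REDIRECT" && to == "8080" && uid == "" && !(port in red)) red[port] = n
    }
    END {
        bad = 0
        np = split("80 3128", ports, " ")
        for (k = 1; k <= np; k++) {
            p = ports[k]
            if (!(p in red))          { print "port " p ": no REDIRECT to 8080"; bad = 1 }
            else if (!(p in acc))     { print "port " p ": no ACCEPT for owner " owner; bad = 1 }
            else if (acc[p] > red[p]) { print "port " p ": REDIRECT comes before the ACCEPT"; bad = 1 }
            else                        print "port " p ": ok"
        }
        exit bad
    }'
}

# Constructed sample in iptables-save format, mirroring the four rules above.
sample='*nat
:OUTPUT ACCEPT [0:0]
-A OUTPUT -p tcp -m tcp --dport 80 -m owner --uid-owner 23 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 3128 -m owner --uid-owner 23 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A OUTPUT -p tcp -m tcp --dport 3128 -j REDIRECT --to-ports 8080
COMMIT'
printf '%s\n' "$sample" | check_nat_order 23
```

on the real system, run it as root with the live rules: iptables-save -t nat | check_nat_order "$(id -u squid)"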

now, using the web content filtering system from my laptop requires either that firefox on my account use port 8080 on my desktop, or that the firewall transparently forward all packets from any ip except dansguardian to dansguardian on port 8080.


according to the wikipedia page for dansguardian, it is now unmaintained and a new fork is available at
for sure, the news and downloads align with the wikipedia article