
howto: dansguardian for fedora

for a while now, i have been looking for a content filtering system for my own personal use. i did a little bit of research and i came up with dansguardian + squid. the original documentation is from James Japan's site. the documentation as is works great. great for a standalone pc, which was my original requirement.

and then i decided to add my laptop to the web content filtering system and discovered it wasn't working out at all. after a little troubleshooting i discovered a workaround.

below are the commands i used, stripped of all explanations, to easily recreate the system

#installing dans guardian #http://linux.jamesjpn.com/how-to/dansguardian-install.html
#useful page #http://dansguardian.org/?page=extras

#install
yum -y install dansguardian squid

#backup
cp /etc/squid/squid.conf /etc/squid/squid.conf.original
cp /etc/dansguardian/dansguardian.conf /etc/dansguardian/dansguardian.conf.original

#/etc/squid/squid.conf
sed -i 's/http_port 3128/http_port 127.0.0.1:3128 transparent/g' /etc/squid/squid.conf
echo "visible_hostname `hostname`" >> /etc/squid/squid.conf
cat >>/etc/squid/squid.conf << EOF
cache_effective_user squid
cache_effective_group squid
shutdown_lifetime 2 seconds
EOF

#/etc/dansguardian/dansguardian.conf
sed -i 's/filterip =/filterip = 127.0.0.1/g' /etc/dansguardian/dansguardian.conf
sed -i 's/#daemonuser = '\''dansguardian'\''/daemonuser = '\''squid'\''/g' /etc/dansguardian/dansguardian.conf
sed -i 's/#daemongroup = '\''dansguardian'\''/daemongroup = '\''squid'\''/g' /etc/dansguardian/dansguardian.conf

#iptables
iptables -t nat -A OUTPUT -p tcp --dport 80 -m owner --uid-owner squid -j ACCEPT
iptables -t nat -A OUTPUT -p tcp --dport 3128 -m owner --uid-owner squid -j ACCEPT
iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports 8080
iptables -t nat -A OUTPUT -p tcp --dport 3128 -j REDIRECT --to-ports 8080

#if this system is meant for a network, add the following rule to accept packets from the network
iptables -I INPUT -p tcp --dport 8080 -j ACCEPT

#save the new iptables
/etc/init.d/iptables save

#permissions
chown -R squid /var/log/dansguardian
chgrp -R squid /var/log/dansguardian
chown -R squid /var/spool/squid

#start
chkconfig httpd on
chkconfig squid on
chkconfig dansguardian on
service squid restart
service dansguardian restart

now, using the web content filtering system from my laptop will require either the firefox on my account to use port 8080 on my desktop, or the firewall to transparently forward all packets from any ip except dansguardian to dansguardian on port 8080.
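
The four nat rules in the iptables step only work in that order: the squid-owner ACCEPT rules have to match before the REDIRECT rules, otherwise the proxy's own traffic is sent back to port 8080. The check below is an added example, not part of the original post; the function name, the sample rule sets and uid 23 are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Reads `iptables -t nat -S OUTPUT`
# text on stdin; $1 is the squid owner as iptables prints it (name or uid).
# Live use (as root): iptables -t nat -S OUTPUT | check_nat_output "$(id -u squid)"
# Returns 0 only if ports 80 and 3128 are both redirected to 8080 and each
# REDIRECT comes after the squid-owner ACCEPT for the same port.
check_nat_output() {
    awk -v owner="$1" '
        function field(flag,    i) {   # value that follows a flag, else ""
            for (i = 1; i < NF; i++) if ($i == flag) return $(i + 1)
            return ""
        }
        $1 == "-A" && $2 == "OUTPUT" {
            port = field("--dport"); target = field("-j")
            if (target == "ACCEPT" && field("--uid-owner") == owner) {
                exempt[port] = 1
            } else if (target == "REDIRECT" && field("--to-ports") == "8080") {
                redirected[port] = 1
                if (!(port in exempt)) {
                    print "port " port ": REDIRECT not preceded by squid ACCEPT, proxy traffic loops"
                    bad = 1
                }
            }
        }
        END {
            n = split("80 3128", want, " ")
            for (k = 1; k <= n; k++) if (!(want[k] in redirected)) {
                print "port " want[k] ": no REDIRECT to 8080, traffic bypasses the filter"
                bad = 1
            }
            exit bad ? 1 : 0
        }'
}

# Constructed sample rule sets (uid 23 is an assumed squid uid).
GOOD_RULES='-P OUTPUT ACCEPT
-A OUTPUT -p tcp -m tcp --dport 80 -m owner --uid-owner 23 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 3128 -m owner --uid-owner 23 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A OUTPUT -p tcp -m tcp --dport 3128 -j REDIRECT --to-ports 8080'
# Same rules after a wrong-order insert, with the 3128 redirect missing.
BAD_RULES='-P OUTPUT ACCEPT
-A OUTPUT -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A OUTPUT -p tcp -m tcp --dport 80 -m owner --uid-owner 23 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 3128 -m owner --uid-owner 23 -j ACCEPT'

printf '%s\n' "$GOOD_RULES" | check_nat_output 23 && echo "good sample: ok"
printf '%s\n' "$BAD_RULES" | check_nat_output 23 || echo "bad sample: rejected"
```

Running the same check after `/etc/init.d/iptables save` and a reboot confirms the saved rule set still has the ACCEPT rules first.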

Comments

according to the wikipedia page for dansguardian, it is now unmaintained and a new fork is available at http://e2guardian.org/cms/
for sure, the news and downloads align with the wikipedia article