Topic: Dansguardian setup question

[addodge]

Hi,
I am looking into setting up dansguardian for a customer of mine. I ran this command "yum install dansguardian smeserver-dansguardian" and it came back with errors trying to find the mirror site.
I then edited the /etc/yum.conf file and added this
[dungog]
name=SME Server Repository -- Please Note, to setup yum use the instructions at dungog.net/sme/repo.php smeserver $releasever - $basearch - dungog
baseurl=http://dungog.net/sme/smeserver/$releasever/$basearch/dungog
and re-ran the yum command and it came back with a different error stating that it couldnt find a specifi xml file.
So then i installed  dansguardian-2.8.0.6-1.2.el4.rf.i386.rpm and smeserver-dansguardian-1.2-4.noarch.rpm both went through fine, and it appears that it starts ok when i reboot sme.  I was wondering if there is supposed to be a control panel for Dansguardian after the install?  I am pretty new at most of the features of sme, so please be nice.
Thanks for your help.
Andy

[gregswallow]

You have it installed - if you want to tweak the configuration look at the dansguardian docs for  more info.  There is no panel in Stephen's GPL version.

[addodge]

Thanks greg,
do you know if there is a panel ready now, or is there a panel in the works for sme 7?
Thanks
Andy

[gregswallow]

If there was, I would have said so.  There aren't really any changes you'll need to make often, you just might want to tweak some settings in the beginning.  If you find probelms with the initial configuration, report it in the bug tracker - there is a category called SME Contribs, and a sub-category called smeserver-dansguardian.

[CharlieBrady]

I am looking into setting up dansguardian for a customer of mine. I ran this command "yum install dansguardian smeserver-dansguardian" ...

This issue is off-topic in this forum. Please use the 7.x contribs forum.

[gregswallow]

moving the topic over...

[addodge]

Ok,
I read up on the use of Dansguardian.  Everything seemed to work pretty well out of the box too!  I wanted to set it so that when "auto detect network connection" was selected under the IE or Firefox connection settings it still filtered through Dansguardian.  I read here http://www.ibiblio.org/pub/linux/distributions/smeserver/contribs/rmitchell/smeserver/howto/dansguardian%20instal%20&%20configure%20HOWTO%20for%20sme%20server.htm
down towards the bottem it says to run these commands
/sbin/e-smith/db configuration setprop squid TransparentPort 8080
/sbin/e-smith/signal-event post-upgrade
/sbin/e-smith/signal-event reboot
In order to make it so you cant bypass dansguardian by unchecking the manual proxy in the connection settings.

Now that i have done that however when i uncheck the proxy settings certain things that used to be caught (i.e. www.sex.com) now are not caught.  Is there any other things that i can check to make sure everything is filtered through dansguardian?  If not can anyone tell me what i need to do to under the 3 commands that i ran earlier?
Thanks for your help
Andy

[gregswallow]

I wanted to set it so that when "auto detect network connection" was selected under the IE or Firefox connection settings it still filtered through Dansguardian.

I would assume that is supposed to happen automatically, otherwise what is the point?  Please submit a bug report so the author of the smeserver-dansguarian rpm knows about the problem, and can fix it.:
http://bugs.contribs.org/enter_bug.cgi?product=SME%20Contribs
(choose component - smeserver-dansguardian)

[addodge]

I would assume that is supposed to happen automatically, otherwise what is the point?

 if you want to tweak the configuration look at the dansguardian docs for more info.

It's not supposed to work automatically, and I did read to document for more info.  The following is a piece of info that is taken from the "How To" which clearly states that certain things have to be changed in order to make the filtering transparent.

Configuring the Proxy server settings

Dansguardian uses port 8080 for web proxy requests. If your browser does not use port 8080 then Dansguardian filtering will be bypassed and therefore ineffective.

Manually configuring your browser to use port 8080

Go to your workstation and open your browser

eg Internet Explorer or your browser

Change the settings for Connections to LAN

use the server IP 192.168.1.1 (or whatever yours is)

use a port of 8080 (instead of 3128)

Make sure you disable Auto detect as this will allow the browser to bypass Dansguardian

Users can easily change the setting in the browser to bypass Dansguardian filtering and gain access to blocked sites & inappropriate content. To overcome this possibility you need to change the sme server proxy port as follows.

Configuring your sme server to use Proxy port 8080

By default the proxy server is on port 3128

To change this setting to port 8080 permanently, do the following

To change the default Transparent proxy port on sme server

/sbin/e-smith/db configuration setprop squid TransparentPort 8080

/sbin/e-smith/signal-event post-upgrade

/sbin/e-smith/signal-event reboot

Then configure your browser to either automatically detect the port or to use port 8080

 I am really looking for others who use dansguardian and have set it to filter with the transparent proxy and could possibly help point me in the right direction rather than assuming its a bug and blowing off the real question. Im sorry but "tweak the configuration" doesnt really help me out.
Andy

[gregswallow]

It's not supposed to work automatically, and I did read to document for more info.  The following is a piece of info that is taken from the "How To" which clearly states that certain things have to be changed in order to make the filtering transparent.

Forget the howto.  Whatever is in that old howto should have been worked into the smeserver-dansguardian rpm.  If you have installed smeserver-dansguardian and you can bypass the filtering, then that is a bug.  The idea is that you let the author of the rpm know that there is a problem by submitting a bug report, you provide feedback to the bug report when/if he asks, and he (or you, or someone else -  it is a GPL rpm) releases an updated rpm that fixes the problem.

[buknoy]

It think there is a continuation to the howto that says:

To block access to port 80 and 3128 and force users to use 8080

add the following and remove the transproxy lines from masq

The following applies to sme v5.6, 6.x & 7.0 which use iptables.

Earlier sme versions require a different fix as they use ipchains.

 

$OUT .= " /sbin/iptables --append Forward$AllowLocals -s $local -p tcp --destination-port 80 -j DROP\n";

$OUT .= " /sbin/iptables --append Forward$AllowLocals -d $local -p tcp --destination-port 80 -j DROP\n";

$OUT .= " /sbin/iptables --append Input$AllowLocals -s $local -p tcp --destination-port 80 -j DROP\n";

$OUT .= " /sbin/iptables --append Forward$AllowLocals -s $local -p tcp --destination-port 3128 -j DROP\n";

$OUT .= " /sbin/iptables --append Forward$AllowLocals -d $local -p tcp --destination-port 3128 -j DROP\n";

$OUT .= " /sbin/iptables --append Input$AllowLocals -s $local -p tcp --destination-port 3128 -j DROP\n";

Expand the template when changes have been made.

The problem is, I don't know what template to edit and how to expand this template. Would somebody kindly help?

[dexter]

Hello,

I have installed DG on SME7rc3 and works great. Becouse I've show this to my friends (young fathers) I have a problem They want to use my SME server as proxy from outside my network on DG port, but they get "timeout". Is this possible? Has anybody tried to set a proxy, with DG and try to access it from outside successfully ?!

My server lies behind monowall ( ports: 3128, 8080 are opened and forwarded) and it runs in ServerOnly mode. I do not have any ports blocked from my ISP eather

Can anybody help to solve this puzzle ?!

Regards,