Dear no name guest
I'm not trying to be rude but didn't you read my earlier post.
It says you need to buy the other parts from dungog.net if you want a nice pretty server manager panel, look in the Products section not the GPL section.
I also said to search these forums for posts on Dansguardian re how to manually set it up without a server manager panel. Just search on dansguardian.
If you installed the dansguardian rpm then dansguardian IS installed, but you need to manually configure the conf files etc.
Also look at
http://dansguardian.org/ for full "general" info
Here is some stuff I gathered specific to sme server from the forums (not complete). Make of it what you can, some of it applies to older sme versions.
Regards
Ray
Download the rpms from
www.dungog.net into a empty folder
wget
http://www.dungog.net/sme/files/dansguardian/DansGuardian-2.6.1-3.RH72.i386.rpmwget
http://www.dungog.net/sme/files/dansguardian/dungog-dansguardian-blacklists-0.1-9.noarch.rpmrpm -Uvh *.rpm
to start dansguardian do
/etc/init.d/dansguardian start
to stop dansguardian do
/etc/init.d/dansguardian stop
pico /etc/dansguardian/dansguardian.conf
Make required changes to suit your situation
You will need to change:
accessdeniedaddress = '
http://YOURSERVER.YOURDOMAIN/cgi-bin/dansguardian.pl'
for example to
accessdeniedaddress = '
http://www.mydomain.com/cgi-bin/dansguardian.pl'
You will probably need to change
naughtynesslimit = 50
to
naughtynesslimit = 160
you will also probably need to change the file suffix allowed list
also change
exceptionsitelist
bannedsitelist
bannedextensionlist
dansguardian.conf
**********************************************************************************************
The folowing does not appear to work for v5.6U5 on 21/9/03, this was posted by Charlie in August 2002 when v5.1.2 was still around or say when v5.5 was only just released, so it pobably applicable to earlier versions.
you will also need to change the transproxy setting on your server
Re: Transproxy custom template
Author: Charlie Brady (charlieb_AT_e-smith.com)
Date: 08-23-02 10:06
You didn't find
http://www.e-smith.org/custom/ then
You want:
/sbin/e-smith/db configuration setprop squid TransparentPort 8080
/sbin/e-smith/signal-event post-upgrade
/sbin/e-smith/signal-event reboot
Charlie
*********************************************************************************
in pico then do
Ctrl O
to save your changes
and then do
Ctrl X
to exit
Whenever you make changes to the dansguardian.conf file you will need to restart dansguardian
to restart dansguardian do
/etc/init.d/dansguardian restart
Go to your workstation and open your browser
eg Internet Explorer or whatever
Change the settings for connections to
LAN
use the server IP 192.168.1.1 (or whatever your is)
use a port of 8080
Try browsing to the site of
www.sex.comYou should receive a message advising the site is blocked
> what did you add in yours ? in a nutshell
/bin/ln -s /etc/init.d/dansguardian /etc/rc.d/rc7.d/S91dansguardian
/bin/ln -s /etc/init.d/dansguardian /etc/rc.d/rc0.d/K24dansguardian
/bin/cp /home/httpd/cgi-bin/dansguardian.pl /home/e-smith/files/primary/cgi-bin/dansguardian.pl
[root@sme5 /root]# /etc/init.d/dansguardian restart
Shutting down dansguardian: [ OK ]
Starting dansguardian: [ OK ]
[root@sme5 /root]# squid -k reconfigure
[root@sme5 /root]#
OK I figured out how to make transproxy work with dansguardian.
First of all, install : e-smith-transproxy-0.3-1.noarch.rpm
Then you'll have to modify the port the requests are redirected to..
Edit : /etc/e-smith/templates/etc/rc.d/init.d/masq/35transproxy
- (line number 9)
$OUT .= "/sbin/ipchains --append input -j REDIRECT 3128 -p tcp ";
Modify "3128" by "8080"
- (line number 25)
$OUT .= " /sbin/ipchains --append input -j REDIRECT 3128 ";
Modify "3128" by "8080"
And that's it.
All your users are now going to pass through the proxy guarded by dansguardian.
Pretty kewl heh ?
Author: Shad (slords_AT_mail.com)
Here are the 2 template fragments that I added to /etc/e-smith/templates-custom/etc/rc.d/init.d/masq
[root@router masq]# more 35transproxy
{
my ($network, $broadcast) =
esmith::util::computeNetworkAndBroadcast ($LocalIP, $LocalNetmask);
$OUT .= "/sbin/ipchains --append input -j ACCEPT -p tcp ";
$OUT .= "--source $network/$LocalNetmask --destination $LocalIP 80\n";
$OUT .= "/sbin/ipchains --append input -j ACCEPT -p tcp ";
$OUT .= "--destination 127.0.0.1 80\n";
$OUT .= "/sbin/ipchains --append input -j REDIRECT 8080 -p tcp ";
$OUT .= "--source $network/$LocalNetmask --destination 0.0.0.0/0 80\n";
local %networks;
tie %networks, 'esmith::config', '/home/e-smith/networks';
foreach my $network (keys %networks)
{
my ($type, %properties) = db_get(\%networks, $network);
if ($type eq 'network')
{
$OUT .= " /sbin/ipchains --append input -j ACCEPT -p tcp ";
$OUT .= "--source $key/$properties{'Mask'} ";
$OUT .= "--destination $LocalIP 80\n";
$OUT .= " /sbin/ipchains --append input -j ACCEPT -p tcp ";
$OUT .= "--destination 127.0.0.1 80\n";
$OUT .= " /sbin/ipchains --append input -j REDIRECT 8080 ";
$OUT .= "-p tcp --source $key/$properties{'Mask'} ";
$OUT .= "--destination 0.0.0.0/0 80\n";
}
}
}
[root@router masq]# more 45DenyDansguardian
{
local %services = ( dansguardian => $dansguardian );
if ( db_get_prop(\%services, 'dansguardian', 'status') eq 'enabled' )
{
$OUT .= <<'HERE';
/sbin/ipchains --append input -p tcp -y -s 0/0 -d $OUTERNET 8080 -j denylog
HERE
}
}
add the following line in: /home/e-smith/configuration
dansguardian=service|InitscriptOrder|92|status|enabled
ie issue
/sbin/e-smith/config set dansguardian service Initscriptorder 92 status enabled
and finally added the following link in: /etc/rc7.d
ln -s /etc/rc.d/init.d/e-smith-service S92dansguardian
ie issue
cd /etc/rc7.d
ln -s /etc/rc.d/init.d/e-smith-service S92dansguardian
This will create a fragment (?) called S92dansguardian
configure /etc/dansguardian/dansguardian.conf to you taste.
Author: Shad (slords_AT_mail.com)
One last thing that I have done is make it use squidguards blocking rules and update them automatically each week along with rotating the logfiles
Here is the file I stuck in: /etc/cron.weekly
[root@router cron.weekly]# more dansguardian
#! /bin/bash
cd /etc/dansguardian
rm -r blacklists.tar.gz
wget -qnv
http://ftp.ost.eltele.no/pub/www/proxy/squidGuard/contrib/blacklists.tar.gz -O blacklists.tar.gz
tar -zxf blacklists.tar.gz
chown -R root.root blacklists
chmod -R 640 blacklists
find blacklists -name new\* -exec rm {} \;
rm blacklists/README
chmod ug+x blacklists
chmod ug+x blacklists/*
exec /etc/dansguardian/logrotation
---------------
after doing this just change the bannedsitelist and bannedurllist files in /etc/dansguardian to include the lists you want to block and happy surfing.
****************************************
http://www.e-smith.org/bboard/read.php?v=t&f=3&i=34861&t=34175Re: Blocking or Redirecting Internal Traffic on Certain Ports
Author: stephen noble (stephen_AT_dungog.net)
Date: 08-10-03 01:59
walter,
the pam_auth is unrelated to squidguard or dansguardian
it's a setting in squid.conf
to block access to port 80 and 3128 and force users to use 8080
i add the following and remove the transproxy lines from masq
5.5 uses ipchains so is different
dungog-dansguardian has been updated
stephen noble
dungog.net/sme
$OUT .= " /sbin/iptables --append Forward$AllowLocals -s $local -p tcp --destination-port 80 -j DROP\n";
$OUT .= " /sbin/iptables --append Forward$AllowLocals -d $local -p tcp --destination-port 80 -j DROP\n";
$OUT .= " /sbin/iptables --append Input$AllowLocals -s $local -p tcp --destination-port 80 -j DROP\n";
$OUT .= " /sbin/iptables --append Forward$AllowLocals -s $local -p tcp --destination-port 3128 -j DROP\n";
$OUT .= " /sbin/iptables --append Forward$AllowLocals -d $local -p tcp --destination-port 3128 -j DROP\n";
$OUT .= " /sbin/iptables --append Input$AllowLocals -s $local -p tcp --destination-port 3128 -j DROP\n";
*********************************
5 Replies
1318 Views