Koozali.org: home of the SME Server
Legacy Forums => Experienced User Forum => Topic started by: Robert Heaton on November 06, 2001, 06:14:47 PM
-
Hi,
I am trying to install DansGuardian (www.dansguardian.org) as an alternate to SquidGuard, I have installed the RedHat 7.1 RPM, and configured it, as shown in the documentation. Dans Guardian runs on port 8080 how do i "open" this port in SME 5.0?? Because I take it this port is "blocked" by the firewall or somthing.
Kind regards,
Rob.
-
Hi..
I installed SleezeBall...
Forgot it and installed SquidGuard..
Now I deleted those 2 things and installed DansGuardian..
Actually I followed the documentation the same way as robert I think :)
I installed:
DansGuardian-2.1.0-4.i386.rpm
compat-libstdc++-6.2-2.9.0.9.i386.rpm
My trouble is that port 8080 seems to be blocked as robert said and second thing, I installed transproxy and I want all my users to pass through squid AND dansguardian...
Is it possible ?
Thanx ppl
ps: Robert sorry I do not have the answer.. I just wanted to tell you I tried it as well :)
-
it works for me
i used the ordinary not static rh7.0 rpm
no other file was needed
well they were but, after my report they were added to the latest rpm
edit the .conf file
point browser at 8080 and your away
i'd like to know how transpoxy works
when you need to point at 8080
8080 can be changed in the .conf file
i'm almost finished an e-smith-dansguardian rpm
to make it work out of the box
stephen
-
>edit the .conf file
>point browser at 8080 and your away
Yeah which conf file?
I'm not actually at home... sweet switzerland... I'm at work :)
/etc/transproxy.conf ?
> i'm almost finished an e-smith-dansguardian rpm
> to make it work out of the box
OK That means people will just have to "rpm -Uvh" it and it will work ?!
Why doing an rpm if you just had to install the one they give on their website
what did you add in yours ?
I removed sleezball, squidguard and transproxy.. I rebooted my server (oh god.. I hate this... I wanted to keep my uptime .. anyways i'm gonna upgrade to sme 5 soon) and then I tried to point my browser at 8080 but it wasnt working...
any idea ?
Thanx
-
Hello,
Thanks everyone for your help, any word on when e-smith-dansguardian RPM will be ready??
I would be pleased to test it for you.
Kind regards,
Rob.
-
> Yeah which conf file?
you don't sound like your trying to follow the dansguardian instructions
/etc/dansguardian/dansguardian.conf
> Why doing an rpm if you just had to install the one they give
> on their website
> what did you add in yours ?
in a nutshell
/bin/ln -s /etc/init.d/dansguardian /etc/rc.d/rc7.d/S91dansguardian
/bin/ln -s /etc/init.d/dansguardian /etc/rc.d/rc0.d/K24dansguardian
/bin/cp /home/httpd/cgi-bin/dansguardian.pl /home/e-smith/files/primary/cgi-bin/dansguardian.pl
but i'm also writing a panel so fuckwits like you get of my back
just kidding OK
dansguardion should block me from seeing this because of the f word
here goes....
stephen
> any idea ?
-
> > Yeah which conf file?
> you don't sound like your trying to follow the dansguardian
> instructions
> /etc/dansguardian/dansguardian.conf
>
I'm talking about transproxy... I dont know how it works but if the browser has to point on 8080, transproxy should as well.... no ?
> > Why doing an rpm if you just had to install the one they give
> > on their website
> > what did you add in yours ?
>
> in a nutshell
> /bin/ln -s /etc/init.d/dansguardian
> /etc/rc.d/rc7.d/S91dansguardian
> /bin/ln -s /etc/init.d/dansguardian
> /etc/rc.d/rc0.d/K24dansguardian
> /bin/cp /home/httpd/cgi-bin/dansguardian.pl
> /home/e-smith/files/primary/cgi-bin/dansguardian.pl
>
OK I forgot that...
-
Access to the page:
http://groups.yahoo.com/group/dungog_net/files/readme/demo/testing/naughty.txt
... has been denied for the following reason:
Phrase found: @!#$
hmmm fuckwit is allowable i'll be phucked
but this one won't be visible because of line 4
robert have a go with with the info i have given + do the following after changes
the rpm will be ready when it's ready
ha, i always wanted to say that
[root@sme5 /root]# /etc/init.d/dansguardian restart
Shutting down dansguardian: [ OK ]
Starting dansguardian: [ OK ]
[root@sme5 /root]# squid -k reconfigure
[root@sme5 /root]#
thanks wxp
i have some large gaps in my knowledge
i'll look at transproxy.conf
-
Access to the page:
http://groups.yahoo.com/group/dungog_net/files/readme/demo/testing/naughty.txt
... has been denied for the following reason:
Phrase found: @!#$
i better go read some more....
sometimes the f... word is, blocked but in the forum it was replaced
that's probably pretty clever ?
-
> Thanks everyone for your help, any word on when
> e-smith-dansguardian RPM will be ready??
now
it's called DansGuardian-setup-0.1-1.noarch.rpm
see readme.dungog.net and it.dungog.net
regards
stephen noble
-
OK I figured out how to make transproxy work with dansguardian.
First of all, install : e-smith-transproxy-0.3-1.noarch.rpm
Then you'll have to modify the port the requests are redirected to..
Edit : /etc/e-smith/templates/etc/rc.d/init.d/masq/35transproxy
- (line number 9)
$OUT .= "/sbin/ipchains --append input -j REDIRECT 3128 -p tcp ";
Modify "3128" by "8080"
- (line number 25)
$OUT .= " /sbin/ipchains --append input -j REDIRECT 3128 ";
Modify "3128" by "8080"
And that's it.
All your users are now going to pass through the proxy guarded by dansguardian.
Pretty kewl heh ?
See ya !
-
Thanks Stephen and WXP we will have a go at this tomorrow
Rob
-
Here are the 2 template fragments that I added to /etc/e-smith/templates-custom/etc/rc.d/init.d/masq
[root@router masq]# more 35transproxy
{
my ($network, $broadcast) =
esmith::util::computeNetworkAndBroadcast ($LocalIP, $LocalNetmask);
$OUT .= "/sbin/ipchains --append input -j ACCEPT -p tcp ";
$OUT .= "--source $network/$LocalNetmask --destination $LocalIP 80\n";
$OUT .= "/sbin/ipchains --append input -j ACCEPT -p tcp ";
$OUT .= "--destination 127.0.0.1 80\n";
$OUT .= "/sbin/ipchains --append input -j REDIRECT 8080 -p tcp ";
$OUT .= "--source $network/$LocalNetmask --destination 0.0.0.0/0 80\n";
local %networks;
tie %networks, 'esmith::config', '/home/e-smith/networks';
foreach my $network (keys %networks)
{
my ($type, %properties) = db_get(\%networks, $network);
if ($type eq 'network')
{
$OUT .= " /sbin/ipchains --append input -j ACCEPT -p tcp ";
$OUT .= "--source $key/$properties{'Mask'} ";
$OUT .= "--destination $LocalIP 80\n";
$OUT .= " /sbin/ipchains --append input -j ACCEPT -p tcp ";
$OUT .= "--destination 127.0.0.1 80\n";
$OUT .= " /sbin/ipchains --append input -j REDIRECT 8080 ";
$OUT .= "-p tcp --source $key/$properties{'Mask'} ";
$OUT .= "--destination 0.0.0.0/0 80\n";
}
}
}
[root@router masq]# more 45DenyDansguardian
{
local %services = ( dansguardian => $dansguardian );
if ( db_get_prop(\%services, 'dansguardian', 'status') eq 'enabled' )
{
$OUT .= <<'HERE';
/sbin/ipchains --append input -p tcp -y -s 0/0 -d $OUTERNET 8080 -j denylog
HERE
}
}
I also added the following line in: /home/e-smith/configuration
dansguardian=service|InitscriptOrder|92|status|enabled
and finally added the following link in: /etc/rc7.d
ln -s /etc/rc.d/init.d/dansguardian S92dansguardian
Everything else was done automatically buy the RPM. Of course you still need to configure /etc/dansguardian/dansguardian.conf to you taste.
-
One last thing that I have done is make it use squidguards blocking rules and update them automatically each week along with rotating the logfiles
Here is the file I stuck in: /etc/cron.weekly
[root@router cron.weekly]# more dansguardian
#! /bin/bash
cd /etc/dansguardian
rm -r blacklists.tar.gz
wget -qnv http://ftp.ost.eltele.no/pub/www/proxy/squidGuard/contrib/blacklists.tar.gz -O blacklists.tar.gz
tar -zxf blacklists.tar.gz
chown -R root.root blacklists
chmod -R 640 blacklists
find blacklists -name new\* -exec rm {} \;
rm blacklists/README
chmod ug+x blacklists
chmod ug+x blacklists/*
exec /etc/dansguardian/logrotation
---------------
after doing this just change the bannedsitelist and bannedurllist files in /etc/dansguardian to include the lists you want to block and happy surfing.
-
link in /etc/rc7.d should be:
ln -s /etc/rc.d/init.d/e-smith-service S92dansguardian
not
ln -s /etc/rc.d/init.d/dansguardian S92dansguardian
-
thanks shad,
all the changes will go in the next rpm
stephen
-
Stephen Good day Blue
We set up your RPM which seems to work without any problems. will have a look at Shads updates later to day. Get back to you soon
Rob
-
HI
Have tried to download Stephen's RPM from it.dungog.net and get transferred to
http://groups.yahoo.com/group/dungog_net/files/rpm/DansGuardian-setup-0.1-1.noarch.rpm and the following error message - requested file or directory not available on this server.
Is there some other site where I can download it or could some one email it to me please?
Thanks,
Michael Vineburg
-
You will find the rpm here http://groups.yahoo.com/group/dungog_net/files/rpms/
Regards
Craig
-
Thanks for your help Craig. The RPMS are there. Am looking forward to installing them.
-
anyone still reading this thread?
0.1-2 now available
readme.dungog.net
thanks shad/wxp for transproxy help
-
Thanks for the updated RPM Stephen.
Installed previous version last night ...no problems (except caused by my own lack of knowledge / dullness)
Looking forward to trying new RPM.
-
it.dungog.net
0.1-3
includes a panel to add to the lists
some custom banned phrases
needs
the correct email syntax in dansguardian.pl
proxy auth to allow users to bypass filter
stephen