Dear all,

I added new lists to dansguardian and enabled them. When I try to access some forbidden content, it returns the error page with the category N/A. Where can I edit and add the new categories? I have already checked several files in /etc/dansguardian and did not find it.
Regards,

Leandro Moreira.

2009/11/19 Leandro Moreira <lean...@leandromoreira.eti.br>

> Dear all,
> I left out the Intel gigabit network cards (2 cards):
>
> Ethernet controller: Intel Corporation 82541GI Gigabit Ethernet Controller (rev 05)
> Ethernet controller: Intel Corporation 82541GI Gigabit Ethernet Controller (rev 05)
>
> Regards,
>
> Leandro Mo
>
> 2009/11/19 Leandro Moreira <lean...@leandromoreira.eti.br>
>
>> A Dell PowerEdge with 1 GB of RAM, a dual-core Xeon 2.4 GH processor and an 80 GB SCSI HD.
>> Within a few days I should receive another 6 GB of memory for it.
>>
>> Regards,
>>
>> Leandro Moreira
>>
>> 2009/11/19 Egberto Monteiro <servido...@futuro.usp.br>
>>
>>> What is the (HW) configuration of the server running dansguardian, and how many clients do you have?
>>> My clients don't even notice the difference here.
>>>
>>> Leandro Moreira wrote:
>>>
>>>> Marcelo,
>>>> I tested your suggestion and it partly worked. It worked because IPs from my internal network were not being picked up in either the dansguardian logs or the proxy logs, and that has now started to happen.
>>>> But the internet became extremely slow.
>>>> I am checking the configuration to see if I can find out what it might be; if you happen to have any other suggestion, I would be grateful.
>>>>
>>>> Regards,
>>>>
>>>> Leandro Moreira
>>>>
>>>> 2009/11/19 Marcelo <msala...@gmail.com>
>>>>
>>>>> Leandro,
>>>>>
>>>>> Do a quick test,
>>>>>
>>>>> change:
>>>>> proxyip = 127.0.0.1
>>>>> to
>>>>> proxyip = your internal interface, for example 192.168.0.1
>>>>>
>>>>> Regards,
>>>>> Marcelo
>>>>>
>>>>> Leandro Moreira wrote:
>>>>>
>>>>>> Dear all,
>>>>>> Below is my dansguardian.conf:
>>>>>>
>>>>>> # comment out this line to indicate that we have already configured it
>>>>>> #UNCONFIGURED - Please remove this line after configuration
>>>>>>
>>>>>> # 3 = use HTML template for denied accesses
>>>>>> reportinglevel = 3
>>>>>>
>>>>>> # Languages directory
>>>>>> languagedir = '/etc/dansguardian/languages'
>>>>>>
>>>>>> # Language used:
>>>>>> language = 'portuguese'
>>>>>>
>>>>>> # Log level: 0 = none, 1 = denied only, 2 = all accessed, 3 = all requests
>>>>>> loglevel = 3
>>>>>>
>>>>>> # 2 = always log & mark exceptions (default)
>>>>>> logexceptionhits = 2
>>>>>>
>>>>>> # Log format, 1 = default format.
>>>>>> logfileformat = 1
>>>>>>
>>>>>> # Location of the log file
>>>>>> loglocation = '/var/log/dansguardian/access.log'
>>>>>>
>>>>>> # IPs filtered individually
>>>>>> filterip =
>>>>>>
>>>>>> # DansGuardian listening port
>>>>>> filterport = 8080
>>>>>>
>>>>>> # Proxy IP, where squid is
>>>>>> proxyip = 127.0.0.1
>>>>>>
>>>>>> # squid port
>>>>>> proxyport = 3128
>>>>>>
>>>>>> # access denied URL
>>>>>> accessdeniedaddress = 'http://YOURSERVER.YOURDOMAIN/cgi-bin/dansguardian.pl'
>>>>>>
>>>>>> # Default is enabled, but to go back to the standard mode, disable it.
>>>>>> nonstandarddelimiter = on
>>>>>>
>>>>>> # Use the dansguardian banner on (default) | off
>>>>>> usecustombannedimage = on
>>>>>> custombannedimagefile = '/usr/share/dansguardian/transparent1x1.gif'
>>>>>>
>>>>>> # Number of existing groups; up to 9 can be created
>>>>>> filtergroups = 1
>>>>>>
>>>>>> # Location of the file where groups are assigned to users or IPs.
>>>>>> # now we can also assign IP ranges
>>>>>> filtergroupslist = '/etc/dansguardian/lists/filtergroupslist'
>>>>>>
>>>>>> # IPs without access
>>>>>> bannediplist = '/etc/dansguardian/lists/bannediplist'
>>>>>> # IPs with full access
>>>>>> exceptioniplist = '/etc/dansguardian/lists/exceptioniplist'
>>>>>>
>>>>>> # high enough, reported. on | off
>>>>>> showweightedfound = on
>>>>>>
>>>>>> # 2 = on, singular = each weighted phrase found only counts once on a page.
>>>>>> weightedphrasemode = 2
>>>>>>
>>>>>> urlcachenumber = 1000
>>>>>> urlcacheage = 900
>>>>>> scancleancache = on
>>>>>>
>>>>>> # 2 = both of the above (default)
>>>>>> phrasefiltermode = 2
>>>>>>
>>>>>> # 0 = force lower case (default)
>>>>>> preservecase = 0
>>>>>>
>>>>>> # off = disabled (default)
>>>>>> # on = enabled
>>>>>> hexdecodecontent = off
>>>>>>
>>>>>> # off (default) | on (Big5 compatible)
>>>>>> forcequicksearch = off
>>>>>>
>>>>>> # bannedsitelist file instead.
>>>>>> reverseaddresslookups = off
>>>>>>
>>>>>> # leave it off.
>>>>>> reverseclientiplookups = off
>>>>>>
>>>>>> # is, enabling this option does not incur any additional forward DNS requests.
>>>>>> logclienthostnames = off
>>>>>>
>>>>>> # be significant. Fast computers do not need this option. on | off
>>>>>> createlistcachefiles = on
>>>>>>
>>>>>> # use -1 for no blocking
>>>>>> #maxuploadsize = 512
>>>>>> #maxuploadsize = 0
>>>>>> maxuploadsize = -1
>>>>>>
>>>>>> # The size is in Kibibytes - eg 2048 = 2Mb
>>>>>> # use 0 to set it to maxcontentramcachescansize
>>>>>> maxcontentfiltersize = 256
>>>>>>
>>>>>> # use 0 to set it to maxcontentfilecachescansize
>>>>>> # This option may be ignored by the configured download manager.
>>>>>> maxcontentramcachescansize = 2000
>>>>>>
>>>>>> # The size is in Kibibytes - eg 10240 = 10Mb
>>>>>> maxcontentfilecachescansize = 20000
>>>>>>
>>>>>> # RAM cache.
>>>>>> filecachedir = '/tmp'
>>>>>>
>>>>>> # on|off (defaults to on)
>>>>>> deletedownloadedtempfiles = on
>>>>>>
>>>>>> # This may be ignored by the configured download manager.
>>>>>> initialtrickledelay = 20
>>>>>>
>>>>>> # This may be ignored by the configured download manager.
>>>>>> trickledelay = 10
>>>>>>
>>>>>> # Download manager control
>>>>>> downloadmanager = '/etc/dansguardian/downloadmanagers/fancy.conf'
>>>>>> downloadmanager = '/etc/dansguardian/downloadmanagers/default.conf'
>>>>>>
>>>>>> # The default of 60 seconds is probably reasonable.
>>>>>> contentscannertimeout = 60
>>>>>>
>>>>>> # (on|off) default = off
>>>>>> contentscanexceptions = off
>>>>>>
>>>>>> # This plugin must be enabled for users to appear in the DansGuardian log
>>>>>> authplugin = '/etc/dansguardian/authplugins/proxy-basic.conf'
>>>>>>
>>>>>>
>>>>>> # Defaults to off.
>>>>>> recheckreplacedurls = off
>>>>>>
>>>>>> # Important: must be enabled to pass the client IPs on to squid.
>>>>>> forwardedfor = on
>>>>>>
>>>>>> # Warning - headers are easily spoofed. on | off
>>>>>> usexforwardedfor = off
>>>>>>
>>>>>> # it on or off
>>>>>> logconnectionhandlingerrors = on
>>>>>>
>>>>>> # useful in production.
>>>>>> logchildprocesshandling = off
>>>>>>
>>>>>> # On large sites you might want to try 180.
>>>>>> maxchildren = 120
>>>>>>
>>>>>> # On large sites you might want to try 32.
>>>>>> minchildren = 8
>>>>>>
>>>>>> # sets the minimum number of processes to be kept ready to handle connections.
>>>>>> # On large sites you might want to try 8.
>>>>>> minsparechildren = 4
>>>>>>
>>>>>> # sets the minimum number of processes to spawn when it runs out
>>>>>> # On large sites you might want to try 10.
>>>>>> preforkchildren = 6
>>>>>>
>>>>>> # sets the maximum number of processes to have doing nothing.
>>>>>> # When this many are spare it will cull some of them.
>>>>>> # On large sites you might want to try 64.
>>>>>> maxsparechildren = 32
>>>>>>
>>>>>> # On large sites you might want to try 10000.
>>>>>> maxagechildren = 500
>>>>>>
>>>>>> # browse the web. Set to 0 for no limit, and to disable the IP cache process.
>>>>>> maxips = 0
>>>>>>
>>>>>> # Defines IPC server directory and filename used to communicate with the log process.
>>>>>> ipcfilename = '/tmp/.dguardianipc'
>>>>>>
>>>>>> # Defines URL list IPC server directory and filename used to communicate with the URL
>>>>>> # cache process.
>>>>>> urlipcfilename = '/tmp/.dguardianurlipc'
>>>>>>
>>>>>> # Defines IP list IPC server directory and filename, for communicating with the client
>>>>>> # IP cache process.
>>>>>> ipipcfilename = '/tmp/.dguardianipipc'
>>>>>>
>>>>>> # on|off (defaults to off)
>>>>>> nodaemon = off
>>>>>>
>>>>>> # Disable logging process
>>>>>> # on|off (defaults to off)
>>>>>> nologger = off
>>>>>>
>>>>>> # Enable logging of "ADs" category blocks
>>>>>> # on|off (defaults to off)
>>>>>> logadblocks = off
>>>>>>
>>>>>> # Enable logging of client User-Agent
>>>>>> # Some browsers will cause a *lot* of extra information on each line!
>>>>>> # on|off (defaults to off)
>>>>>> loguseragent = off
>>>>>>
>>>>>> # on|off (defaults to off)
>>>>>> softrestart = off
>>>>>>
>>>>>> # Mail program
>>>>>> # Path (sendmail-compatible) email program, with options.
>>>>>> # Not used if usesmtp is disabled (filtergroup specific).
>>>>>> mailer = '/usr/sbin/sendmail -t'
>>>>>>
>>>>>> Regards,
>>>>>>
>>>>>> Leandro Moreira.
>>>>>>
>>>>>> 2009/11/19 Marcelo <msala...@gmail.com>
>>>>>>
>>>>>> Leandro,
>>>>>>
>>>>>> post your dansguardian.conf
>>>>>>
>>>>>> Regards,
>>>>>> Marcelo
>>>>>>
>>>>>> Leandro Moreira wrote:
>>>>>> > Dear all,
>>>>>> > My network has the following topology:
>>>>>> >
>>>>>> > # --------- #       # -------------- #       # -------------------- #
>>>>>> > #    LAN    # ----> #     FW DMZ     # ----> #      FW BORDER       #
>>>>>> > # --------- #       # -------------- #       # -------------------- #
>>>>>> >                              |
>>>>>> >                              |
>>>>>> >         # --------------------------------------- #
>>>>>> >         #           PROXY/DANSGUARDIAN            #
>>>>>> >         # --------------------------------------- #
>>>>>> >
>>>>>> > I installed and configured dansguardian; when I set it manually in the browser, it works without problems. So I created a NAT rule on the border firewall to send all port 80 requests to the server running dansguardian:
>>>>>> >
>>>>>> > iptables -t nat -A PREROUTING -i ! eth0 -s ! 172.20.0.30 -p tcp -m multiport --dport 80 -j DNAT --to-destination 172.20.0.30:8080
>>>>>> >
>>>>>> > When I enable the NAT, the internet simply stops, so I applied the same NAT to the proxy, which is on the same machine, and it worked normally.
>>>>>> > I am still running a very basic dansguardian with only its default blacklists; what intrigues me most is that when I redirected the NAT above to squid, browsing was normal.
>>>>>> > Has anyone run into this kind of problem? Thanks in advance for the help.
>>>>>> >
>>>>>> > PS: 1- It is not a hardware problem, since the server is a PowerEdge with a gigabit card.
>>>>>> >     2- I already discussed this with the "project" manager, since I wanted to build this solution using a bridge, and he did not approve.
>>>>>> >
>>>>>> > Regards,
>>>>>> >
>>>>>> > --
>>>>>> > Leandro Moreira
>>>>>> > Linux Administrator: LPIC-1
>>>>>> > e-mail/msn: lean...@leandromoreira.eti.br
>>>>>> > Tel.: + 55(32) 9906-5713
>>>
>>> --
>>> gter list https://eng.registro.br/mailman/listinfo/gter