Re: [ubuntu-uk] Dans Guardian help?
Chris Rowson wrote: I have become (slightly ambitiously) the volunteer system admin for a small local charity serving a small number of vulnerable users. I expect to commission and admin 5 PCs each with edubuntu 7.04 (a few are dual boot with windows). There will be a modem router and LAN including a switch. I believe that something like dans guardian is probably going to be important, and I can see a number of how to's on the forums. I would prefer not to use scripts, and it seems that apps are in repos ok. However, my experience with cacheing, proxies, and ip tables (and the concepts) is sparse, and I wondered if anyone here has experience or comments which might help me speed up? tia -- alan cocks Kubuntu user#10391 Hi Alan, I'm running dansguardian content filtering at the moment on a network serving 400 and odd machines. I'm happy to help you out if you get stuck. Actually just chucking it in and getting it going isn't too hard to be honest. Just grab danguardian and squid and configure using the supplied configuration files. Open /etc/dansguardian/dansguardian.conf Find the line that says UNCONFIGURED Comment it out by appending a # to the beginning of the line. If memory serves me correctly, squid arrives ready to go, but the config file is over at /etc/squid/squid.conf Squid should be listening on port 3128 and dansguardian on 8080 - point your browser at yourproxy:3128 for unfiltered and yourproxy:8080 for filtered internet access. Other things you might want to look at are a) configuring the actual content filtering level b) stopping squid from creating a log file (it doesn't need to, because dansguardian does) c) setting squid up to cache commonly accessed content to reduce bandwidth. Other stuff might come to me later. If you have any particular questions, I'll have a gander at the installation at work Thanks Chris (and Rob). I am beginning to get the idea I think. Am I correct in believing that the Filtering Machine is just 'somewhere' on the LAN as usual, and that the users machines are then configured to point to it, so LAN cabling is not affected? Also, is the arrangement fragile in some way - say, in that if for some reason the filtering machine is not running first, then things get really screwed up? Or does it all later settle down automatically when the filtering machine is later turned on? -- alan cocks Kubuntu user#10391 -- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.kubuntu.org/UKTeam/
Re: [ubuntu-uk] Dans Guardian help?
Thanks Chris (and Rob). I am beginning to get the idea I think. Am I correct in believing that the Filtering Machine is just 'somewhere' on the LAN as usual, and that the users machines are then configured to point to it, so LAN cabling is not affected? Also, is the arrangement fragile in some way - say, in that if for some reason the filtering machine is not running first, then things get really screwed up? Or does it all later settle down automatically when the filtering machine is later turned on? -- alan cocks Kubuntu user#10391 to add to the stuff thats already been said, I used DansGuardian as a transparent proxy, its very easy and just needs 1 iptables rule: /sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080 then set iptables to block 3128 for squid and no-one will know they are being content filtered and proxied until it tells them they can't access a certain page. This also means you don't have to go around setting everyones proxy manually, but this only works if you have squid/dansguardian running on the default gateway for the network. (and dont forget to add transparent into squid.conf so the line is like this: http_port 3128 transparent ) -- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.kubuntu.org/UKTeam/
Re: [ubuntu-uk] Dans Guardian help?
alan c wrote: I have become (slightly ambitiously) the volunteer system admin for a small local charity serving a small number of vulnerable users. I expect to commission and admin 5 PCs each with edubuntu 7.04 (a few are dual boot with windows). There will be a modem router and LAN including a switch. I believe that something like dans guardian is probably going to be important, and I can see a number of how to's on the forums. I would prefer not to use scripts, and it seems that apps are in repos ok. However, my experience with cacheing, proxies, and ip tables (and the concepts) is sparse, and I wondered if anyone here has experience or comments which might help me speed up? tia Hi Alan, Are you going to use a dedicated box as a server? I would have suggested SME Server from www.contribs.org as it has Dans Guardian built in (plus Samba file sharing, Clam Anti-Virus scanning, IMAP Mail server). Otherwise from what I remember I managed to install a local copy of Dans Guardian on Ubuntu. Just requires you to set the proxy server on Firefox to the proxy port on the local box. IIRC you should be able to use localhost:3128 on a machine with Dans Guardian installed on it. Another thing you might want to consider if you haven't already deployed the PCs is to have a look at LTSP. Rob -- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.kubuntu.org/UKTeam/
Re: [ubuntu-uk] Dans Guardian help?
Rob Beard wrote: alan c wrote: I have become (slightly ambitiously) the volunteer system admin for a small local charity serving a small number of vulnerable users. I expect to commission and admin 5 PCs each with edubuntu 7.04 (a few are dual boot with windows). There will be a modem router and LAN including a switch. I believe that something like dans guardian is probably going to be important, and I can see a number of how to's on the forums. I would prefer not to use scripts, and it seems that apps are in repos ok. However, my experience with cacheing, proxies, and ip tables (and the concepts) is sparse, and I wondered if anyone here has experience or comments which might help me speed up? tia Hi Alan, Are you going to use a dedicated box as a server? I would have suggested SME Server from www.contribs.org as it has Dans Guardian built in (plus Samba file sharing, Clam Anti-Virus scanning, IMAP Mail server). Otherwise from what I remember I managed to install a local copy of Dans Guardian on Ubuntu. Just requires you to set the proxy server on Firefox to the proxy port on the local box. IIRC you should be able to use localhost:3128 on a machine with Dans Guardian installed on it. Thanks Rob does local box mean the 'modem router' or a specific PC set up as something? I am not clear about what is the 'proxy port' (sorry). Is this the port to a proxy server or from it? As I understand things (and expect) the PCs will not really have a formal arrangement apart from being connected to the same LAN. One or more might be in use and I will not often be present at all. A main office PC will also be using the LAN, and will most likely be on always, however it is not linux and (for non technical reasons) I would prefer to leave that unmodified. Initially at least I would like to imagine that something (dans guardian?) could be installed onto each PC and be self contained in that machine. Does that mean that a proxy server (?) needs to be installed into each PC? or what? If this concept is valid it would be like a single home PC and router, at each PC. Maybe not elegant, but could it work? I suppose in time it might be practical to be more formal and take all PCs from one machine which is guarding the LAN, is that the usual SME or school technique? tia -- alan cocks Kubuntu user#10391 -- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.kubuntu.org/UKTeam/
Re: [ubuntu-uk] Dans Guardian help?
I have become (slightly ambitiously) the volunteer system admin for a small local charity serving a small number of vulnerable users. I expect to commission and admin 5 PCs each with edubuntu 7.04 (a few are dual boot with windows). There will be a modem router and LAN including a switch. I believe that something like dans guardian is probably going to be important, and I can see a number of how to's on the forums. I would prefer not to use scripts, and it seems that apps are in repos ok. However, my experience with cacheing, proxies, and ip tables (and the concepts) is sparse, and I wondered if anyone here has experience or comments which might help me speed up? tia -- alan cocks Kubuntu user#10391 Hi Alan, I'm running dansguardian content filtering at the moment on a network serving 400 and odd machines. I'm happy to help you out if you get stuck. Actually just chucking it in and getting it going isn't too hard to be honest. Just grab danguardian and squid and configure using the supplied configuration files. Open /etc/dansguardian/dansguardian.conf Find the line that says UNCONFIGURED Comment it out by appending a # to the beginning of the line. If memory serves me correctly, squid arrives ready to go, but the config file is over at /etc/squid/squid.conf Squid should be listening on port 3128 and dansguardian on 8080 - point your browser at yourproxy:3128 for unfiltered and yourproxy:8080 for filtered internet access. Other things you might want to look at are a) configuring the actual content filtering level b) stopping squid from creating a log file (it doesn't need to, because dansguardian does) c) setting squid up to cache commonly accessed content to reduce bandwidth. Other stuff might come to me later. If you have any particular questions, I'll have a gander at the installation at work Cheers Chris -- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.kubuntu.org/UKTeam/
Re: [ubuntu-uk] Dans Guardian help?
does local box mean the 'modem router' or a specific PC set up as something? I am not clear about what is the 'proxy port' (sorry). Is this the port to a proxy server or from it? As I understand things (and expect) the PCs will not really have a formal arrangement apart from being connected to the same LAN. One or more might be in use and I will not often be present at all. A main office PC will also be using the LAN, and will most likely be on always, however it is not linux and (for non technical reasons) I would prefer to leave that unmodified. Initially at least I would like to imagine that something (dans guardian?) could be installed onto each PC and be self contained in that machine. Does that mean that a proxy server (?) needs to be installed into each PC? or what? If this concept is valid it would be like a single home PC and router, at each PC. Maybe not elegant, but could it work? I suppose in time it might be practical to be more formal and take all PCs from one machine which is guarding the LAN, is that the usual SME or school technique? tia -- Although you can install dansguarian and a proxy on each machine, and set the browser to listen to localhost, you're just setting yourself up for headache. The best thing to do is get an unused PC and install dansguardian and squid/tinyproxy on it then point the client machines at this PC for content filtering. If you don't, you'll end up administering lots of instances of the software thus increasing workload and margin for error. Cheers Chris -- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.kubuntu.org/UKTeam/
