pfSense Support Subscription

Author Topic: Dansguardian package for 2.0  (Read 109418 times)

0 Members and 1 Guest are viewing this topic.

Offline marcelloc

  • Hero Member
  • *****
  • Posts: 9985
  • Karma: +3/-0
    • View Profile
Re: Dansguardian package for 2.0
« Reply #45 on: January 30, 2012, 07:51:55 pm »
If you change dansguardian log to squid format don't get the same result as squid log?

EDIT

If I have some time tomorrow I'll see if I can find how HAVP before squid don't affect squid log.
« Last Edit: January 30, 2012, 08:03:24 pm by marcelloc »

Offline Cino

  • Hero Member
  • *****
  • Posts: 1051
  • Karma: +0/-0
    • View Profile
Re: Dansguardian package for 2.0
« Reply #46 on: January 31, 2012, 08:58:24 am »
If you change dansguardian log to squid format don't get the same result as squid log?

true.. since i want to have the bulk of the clients going to squid directly and a couple going to dansguard then squid.. It would be nice to have it one log for lightsquid. No biggie right now as I think its a squid3 issue and not dansguardian.... i would downgrade to squid2 but need ipv6 for a certain setup i have..

i'll keep messing around with it but since dansguardian can out put a squid log, there is a workaround.

Offline Cino

  • Hero Member
  • *****
  • Posts: 1051
  • Karma: +0/-0
    • View Profile
Re: Dansguardian package for 2.0
« Reply #47 on: January 31, 2012, 11:16:20 am »
i got it to work... some how...lol

thanks again for all your help... I'm still going to mess around with the settings but squid3 is logging the client ip via dansguardian

I did add this to my squid options:
follow_x_forwarded_for allow localhost
forwarded_for delete

sqstat still shows the localhost when I do real-time monitoring but the log shows the client ip.. Which in away makes sense

« Last Edit: January 31, 2012, 11:19:01 am by Cino »

Offline marcelloc

  • Hero Member
  • *****
  • Posts: 9985
  • Karma: +3/-0
    • View Profile
Re: Dansguardian package for 2.0
« Reply #48 on: January 31, 2012, 03:42:15 pm »
package version 0.1.3 is out

main chages:

  • cron updates for blacklist and clamav
  • template field for custom error page
  • fix some typos

still missing
  • SSL men in the middle feature

Offline Cino

  • Hero Member
  • *****
  • Posts: 1051
  • Karma: +0/-0
    • View Profile
Re: Dansguardian package for 2.0
« Reply #49 on: February 02, 2012, 12:38:02 pm »
looking good!

How does the users page work? i see the example you gave but not sure how to set it up for IP.. I enabled IP Address auth, then manually edit /usr/local/etc/dansguardian/lists/authplugins/ipgroups. That worked for me but would like to be able to use the GUI....

Also going to try it with freeradius2 with squid but going to see if I could use it based on IP/Subnets instead of usernames...

Offline marcelloc

  • Hero Member
  • *****
  • Posts: 9985
  • Karma: +3/-0
    • View Profile
Re: Dansguardian package for 2.0
« Reply #50 on: February 02, 2012, 12:41:47 pm »
I've not used auth by ip yet.

The first step to users tab is to create a second group

for example:
set groupname to fullaccess
set Filter Group Mode to unfiltered

save config

goto users tab and add a ip to this user list and test.

EDIT

I'll need to push a patch to fill up /usr/local/etc/dansguardian/lists/authplugins/ipgroups when ipauth is selected.

Thanks again cino for the info.
« Last Edit: February 02, 2012, 12:46:49 pm by marcelloc »

Offline Cino

  • Hero Member
  • *****
  • Posts: 1051
  • Karma: +0/-0
    • View Profile
Re: Dansguardian package for 2.0
« Reply #51 on: February 02, 2012, 09:48:56 pm »
in-case someone is looking, i found a ipv6 patch for dansguardian.. dont know if it'll work but wanted to share

http://tech.groups.yahoo.com/group/dansguardian/message/24827

patch

http://saschahlusiak.de/linux/dansguardian-ipv6.diff

Offline marcelloc

  • Hero Member
  • *****
  • Posts: 9985
  • Karma: +3/-0
    • View Profile
Re: Dansguardian package for 2.0
« Reply #52 on: February 02, 2012, 10:01:34 pm »
Cino,

Do you have a freebsd8.1 vm with ports to test this patch?

Offline Cino

  • Hero Member
  • *****
  • Posts: 1051
  • Karma: +0/-0
    • View Profile
Re: Dansguardian package for 2.0
« Reply #53 on: February 03, 2012, 08:33:12 am »
i do not... i think i have still have pc-bsd 8.1 vm on my home server...which i've used to get some drivers for the lcdproc package.. let me see if i can install a plain-jane freebsd 8.1 on it and see what i can do... been a while messing with patches and re-compiling ports... i'll search the forum as i think there were some basic how-to's...

Offline marcelloc

  • Hero Member
  • *****
  • Posts: 9985
  • Karma: +3/-0
    • View Profile
Re: Dansguardian package for 2.0
« Reply #54 on: February 03, 2012, 08:45:46 am »
I can help you

After freebsd install,
  • portsnap fetch
  • portsnap extract

Dansguardian port is in /usr/ports/www/dansguardian-devel

Offline Cino

  • Hero Member
  • *****
  • Posts: 1051
  • Karma: +0/-0
    • View Profile
Re: Dansguardian package for 2.0
« Reply #55 on: February 03, 2012, 11:26:56 am »
thanks again! just so i'm on the same page, what were the options you selected when you ran the make command? i see there are a few options then more options depending of the depen its going to install.

Offline marcelloc

  • Hero Member
  • *****
  • Posts: 9985
  • Karma: +3/-0
    • View Profile
Re: Dansguardian package for 2.0
« Reply #56 on: February 03, 2012, 11:33:10 am »
thanks again! just so i'm on the same page, what were the options you selected when you ran the make command? i see there are a few options then more options depending of the depen its going to install.

That's my make config screen.

Offline Cino

  • Hero Member
  • *****
  • Posts: 1051
  • Karma: +0/-0
    • View Profile
Re: Dansguardian package for 2.0
« Reply #57 on: February 03, 2012, 12:29:33 pm »
looks like the patch is for danguardian 2.10.1.1 :-(  Going to try it out tho and see if it works.

I dont know if my steps are correct, but after running the commands you provided. I downloaded dansguardian src to /usr/ports/distfiles then ran cmd make. After that command finished, I change to the src dir and ran the patch command. make configure, and now i'm in the process of running make install. I'm thinking i should had untar the src in the /usr/ports/distfiles then ran the make command. Does it matter?

Once make install is down. How to do I turn it into a package?

btw, i've attached the missing blockedflash.swf file... not needed but the error in the log goes away. should be placed here /usr/local/share/dansguardian

thanks again for all your help
« Last Edit: February 03, 2012, 12:32:19 pm by Cino »

Offline marcelloc

  • Hero Member
  • *****
  • Posts: 9985
  • Karma: +3/-0
    • View Profile
Re: Dansguardian package for 2.0
« Reply #58 on: February 03, 2012, 12:44:22 pm »
looks like the patch is for danguardian 2.10.1.1 :-(  Going to try it out tho and see if it works.

I dont know if my steps are correct, but after running the commands you provided. I downloaded dansguardian src to /usr/ports/distfiles then ran cmd make. After that command finished, I change to the src dir and ran the patch command. make configure, and now i'm in the process of running make install. I'm thinking i should had untar the src in the /usr/ports/distfiles then ran the make command. Does it matter?
source is extracted to /usr/ports/www/dansguardian-devel/work/dansguardian-2.12.0.0
try to apply the patch there.

Once make install is down. How to do I turn it into a package?

instead of make install, do a make package. the dansguardian.tbz will be created on current dir.

btw, i've attached the missing blockedflash.swf file... not needed but the error in the log goes away. should be placed here /usr/local/share/dansguardian


Thanks, included in package install

Offline Cino

  • Hero Member
  • *****
  • Posts: 1051
  • Karma: +0/-0
    • View Profile
Re: Dansguardian package for 2.0
« Reply #59 on: February 03, 2012, 01:05:47 pm »
thanks again... Looks like the patch doesn't work.. Its for 2.10.1.1 so I worked with that version just to see if it works but system is having problems binding to the IP.. I'll wait for it to be officially supported by dansguardian. You would think it would be supported by now. I know of a lot of companies including the one I work for that uses it.

I removed it from my box and went back to 2.12.0.0_1. It was a good learning experience tho :-)

Code: [Select]
Feb 3 13:58:12 dansguardian[51970]: Error binding server socket (is something else running on the filter port and ip?
Feb 3 13:58:12 dansguardian[51970]: Error binding socket: [135264876 :: 0] (Bad file descriptor)
Feb 3 13:57:37 dansguardian[33681]: Exiting with error
Feb 3 13:57:37 dansguardian[33681]: Error binding server socket (is something else running on the filter port and ip?
Feb 3 13:57:37 dansguardian[33681]: Error binding socket: [135264876 :: 0] (Bad file descriptor)
Feb 3 13:57:22 dansguardian[59298]: Exiting with error
Feb 3 13:57:22 dansguardian[59298]: Error binding server socket (is something else running on the filter port and ip?
Feb 3 13:57:22 dansguardian[59298]: Error binding socket: [135264876 0.0.0.0 0] (Bad file descriptor)
Feb 3 13:56:59 dansguardian[9179]: Exiting with error
Feb 3 13:56:59 dansguardian[9179]: Error binding server socket (is something else running on the filter port and ip?
Feb 3 13:56:59 dansguardian[9179]: Error binding socket: [135264876 192.168.0.1 0] (Bad file descriptor)