Author Topic: Dansguardian port forwarding 80 to 8081  (Read 33740 times)

wierdbeard65

  • Guru
  • ****
  • Posts: 449
    • View Profile
    • My Quest
Re: Dansguardian port forwarding 80 to 8081
« Reply #30 on: August 25, 2009, 10:44:29 am »
Thanks, anupindi! I'll test as soon as I get the chance - probably next week sometime.

Good point, Colin - makes life much easier  ;)
Paul
If you have the time to help, please see where I have got to at: http://wiki.linuxmce.org/index.php/User:Wierdbeard65

anupindi007

  • Regular Poster
  • **
  • Posts: 30
    • View Profile
Re: Dansguardian port forwarding 80 to 8081
« Reply #31 on: August 26, 2009, 02:03:34 am »
On your request i have modified the post and put the contents at the following wiki and you suggestions are welcome:

Please go through the draft dansgaurdian installation steps at wiki:
http://en.wikipedia.org/wiki/User:Anupindi007
« Last Edit: August 26, 2009, 02:09:07 am by anupindi007 »

dlewis

  • Guru
  • ****
  • Posts: 401
    • View Profile
Re: Dansguardian port forwarding 80 to 8081
« Reply #32 on: August 26, 2009, 02:06:00 am »
I would suggest putting this under it's own wiki page and not under your user page.

anupindi007

  • Regular Poster
  • **
  • Posts: 30
    • View Profile
Re: Dansguardian port forwarding 80 to 8081
« Reply #33 on: August 26, 2009, 06:39:19 am »
Sure, just for draft I did it, once it finalized we will post in respective location and I will remove from my wiki.  Is it ok?
« Last Edit: August 26, 2009, 06:43:06 am by anupindi007 »

schaferj

  • Veteran
  • ***
  • Posts: 133
    • View Profile
Re: Dansguardian port forwarding 80 to 8081
« Reply #34 on: August 29, 2009, 05:13:47 am »
anupindi007,

Thanks again for detailing your steps.  I'm making my way through your recipe and noticed one disconnect.

in this thread you say that:
Quote
/etc/shorewall/interfaces file looks like:
#ZONE   INTERFACE   BROADCAST   OPTIONS
net eth0 detect dhcp,tcpflags
loc eth1 detect dhcp

but in your wiki at http://en.wikipedia.org/wiki/User:Anupindi007 you say:
Quote
/etc/shorewall/interfaces
#ZONE INTERFACE BROADCAST OPTIONS
#Note assuming "eth0"- is internal ip & "eth1"- is external ip
net eth1 detect dhcp,tcpflags
loc eth0 detect dhcp


I believe that your notes in this thread are correct since in a standard lmce install, eth0 is the external.

So that's how I'm trying it and just wanted to document this as I was going.

thanks,
joseph

schaferj

  • Veteran
  • ***
  • Posts: 133
    • View Profile
Re: Dansguardian port forwarding 80 to 8081
« Reply #35 on: August 29, 2009, 05:31:47 am »
quick update,

the same reversal issue is in masq.   Earlier in this thread you posted

Quote
/etc/shorewall/masq files looks like:
#INTERFACE      SOURCE      ADDRESS      PROTO   PORT(S)   IPSEC   MARK
eth0 eth1

but your wiki has
Quote
eth1 eth0
which I believe is incorrect and cause issues for anyone trying to follow that recipe.

joseph

schaferj

  • Veteran
  • ***
  • Posts: 133
    • View Profile
Re: Dansguardian port forwarding 80 to 8081
« Reply #36 on: August 29, 2009, 07:07:36 am »
Thank you again,

I got it running!  And offer a few more nits on cleaning up the documentation:

  The lastline on /etc/shorewall/zones needs the comment (#)
   I don't thing you need to make any changes to
            /etc/dhcp3/dhcpd.conf
                  or
           /etc/network/interfaces


Also, there is a nice dg log viewer
simply
dcerouter_1001275:~# apt-get install dglog

then http://dcerouter/cgi-bin/dglog.pl

and you'll have a nice customizable web log viewer.

And maybe we can get it into the web admin.

joseph



colinjones

  • Alumni
  • LinuxMCE God
  • *
  • Posts: 3003
    • View Profile
Re: Dansguardian port forwarding 80 to 8081
« Reply #37 on: August 29, 2009, 03:50:27 pm »
Joseph

Rather than potentially letting inaccurate documentation languish on the wiki, can you please make all the appropriate changes? It doesn't matter if you are mistaken in some way as any wiki change can very easily be reverted with a single click. So while we are waiting for anupindi to get back to us, we should get the doco corrected ... too often a piece of doco is left inaccurate because of this situation and stays that way because the OP never comes back to us....

Col

schaferj

  • Veteran
  • ***
  • Posts: 133
    • View Profile
Re: Dansguardian port forwarding 80 to 8081
« Reply #38 on: August 29, 2009, 06:02:19 pm »
Colin,

I'm happy to help.  OPs wiki is in his userspace on wikipedia and stated he was going to move it from this draft location when finalized.  I was offering my observations as a proofread of his draft and let him update the actual linuxmce wiki with the improvements as he described.  And so I suspect he'll get it shortly; if not I will.

thanks,
joseph






schaferj

  • Veteran
  • ***
  • Posts: 133
    • View Profile
Re: Dansguardian port forwarding 80 to 8081
« Reply #39 on: August 30, 2009, 12:20:08 am »
Team,

I'm continuing to work on it and will document things here while we're working out the kinks.


Srinivas' wiki, http://en.wikipedia.org/wiki/User:Anupindi007
also notes under Troubleshooting that - Still not working restart the system once.

I can confirm that dg's content filtering does not work after a reboot.

All of the services are in /etc/init.d
These are:  apache2, dnsmasq, tinyproxy, shorewall, dansguardian, and dhcpd

And #ps -ef | grep <service> showed results for all of them except dnsmasq and shorewall

So, I executed  /etc/init.d/dnsmasq restart and /etc/init.d/shorewall restart

And the filtering is working (playboy.com is blocked).

ps -ef still shows no results for dnsmasq and shorewall and I suspect that perhaps all I needed to do was restart shorewall.  Not sure why it didn't do so upon init.

Thoughts welcome.
joseph
 

anupindi007

  • Regular Poster
  • **
  • Posts: 30
    • View Profile
Re: Dansguardian port forwarding 80 to 8081
« Reply #40 on: August 31, 2009, 04:44:17 am »
hi,
Give me a day time I will update with with proper comments, I was stuck with some other system while configuring same thing.

You can also modify my temp wiki as per the needs so that(I will just cut & paste) once I post it on the linuxMCE site I will remove the my wiki post.

My issue was as follows and not able to figure out cause and resolution of the issue and because of this tinyproxy not listening and forwarding.
tinyproxy staring but /etc/log/tinyproxy.log says
"Accepting connections. CONNECT
 read request_request_line:Client (file description:7) closed socket before read."

Thanks :)

anupindi007

  • Regular Poster
  • **
  • Posts: 30
    • View Profile
Re: Dansguardian port forwarding 80 to 8081
« Reply #41 on: September 01, 2009, 04:07:21 am »
I have moved the document to http://wiki.linuxmce.org/index.php/Installing_Dansguardian_on_LinuxMCE location and is it in the right location?  I request you all to check line by line and modify as per the standards so that we can finalize the same.

Joseph: dg log view link is not pointing to right page could you update in the details in the wiki. 

Thanks
Srinivasu anupindi

dlewis

  • Guru
  • ****
  • Posts: 401
    • View Profile
Re: Dansguardian port forwarding 80 to 8081
« Reply #42 on: September 01, 2009, 04:15:00 am »

schaferj

  • Veteran
  • ***
  • Posts: 133
    • View Profile
Re: Dansguardian port forwarding 80 to 8081
« Reply #43 on: September 01, 2009, 05:41:29 am »
Yes,
Many of the initial steps are the same and were taken from old wiki.

Srinivasu anupindi's innovation was to use the firewall so that configuration changes did not have to be made at each client.  So we should be able to cross level the two wiki's and prune easily.

Another (future) improvement may be to use squid instead of tinyproxy so that you get caching as well.

thanks,
joseph

schaferj

  • Veteran
  • ***
  • Posts: 133
    • View Profile
Re: Dansguardian port forwarding 80 to 8081
« Reply #44 on: September 01, 2009, 06:01:17 am »
Installing webmin and dansguardian webmin module.

Also, I have successful results to report from installing webmin and the dansguardian module to webmin.
webmin has many tools that allow easy (web) viewing and manipulation of many services - for instance it has an easy web-based log viewer.  [This could be dangerous if you tinker with settings you do not understand!]

The dansguardian module also allows customization of many of the dg settings.

I'll describe the install in two steps.  One - install webmin, and two - install & configure dg module for webmin.

ONE - install webmin on lmce:
older version reference: http://www.ubuntugeek.com/ubuntu-serverinstall-gui-and-webmin-in-ubuntu-810-intrepid-ibex-guide.html

Preparing your system.  First you need to install the additional packages as follows:

sudo aptitude install perl libnet-ssleay-perl openssl libauthen-pam-perl libpam-runtime libio-pty-perl libmd5-perl

Now download the latest webmin using the following command or from here

wget http://prdownloads.sourceforge.net/webadmin/webmin_1.480_all.deb

Now we have webmin_1.480  _all.deb package install this package using the following command

sudo dpkg -i webmin_1.480_all.deb

This will complete the installation.

Ubuntu in particular doesn’t allow logins by the root user by default. However, the user created at system installation time can use sudo to switch to root. Webmin will allow any user who has this sudo capability to login with full root privileges.

Now you need to open your web browser and enter the following

https://192.168.80.1:10000/
 and this will show many webmin capabilities - but not the dg third party module.


TWO - Install and configure the Dansguardian Webmin module
references:   http://www.howtoforge.com/dansguardian-with-multi-group-filtering-and-squid-with-ntlm-auth-on-debian-etch-p2
     http://sourceforge.net/projects/dgwebminmodule/files/dgwebmin-devel/0.7.0beta1b/


Install the Dansguardian Webmin module
Open a web browser to https://192.168.80.1:10000 and log in with madmin (sudoer). Go to Webmin > Webmin Configuration > Webmin Modules. Select "From ftp or http URL" and paste the link below into the dialog box and click Install Module.

http://downloads.sourceforge.net/project/dgwebminmodule/dgwebmin-devel/0.7.0beta1b/dgwebmin-0.7.0beta1b.wbm?use_mirror=voxel

You should see:
The following modules have been successfully installed and added to your access control list :
DansGuardian Web Content Filter in /usr/share/webmin/dansguardian (4612 kB) under category Servers


The first time you try to run the dg module, you'll get errors such as:
Warning - DansGuardian binary file not found, maybe you need to update your module config (especially the directory paths).  (Expected location: /sbin/dansguardian)

The problem is that the we are using differnet directory locations for many of the files.

So, look at the Configurable options for DansGuardian Web Content Filter (in the upper left corner of the dg page) - and nearly every path needs to be changed.  For instance, our binary is in /usr/sbin/dansguardian instead of /sbin/dansguardian, so change that.

Confirm the locations for the rest of the files by running #find as follows (or just use these locations)
dcerouter_1001275:/usr/local/sbin# find / -name dansguardian
/usr/share/webmin/dansguardian
/usr/share/lintian/overrides/dansguardian
/usr/share/doc/dansguardian
/usr/share/dansguardian
/usr/sbin/dansguardian
/var/log/dansguardian
/etc/webmin/dansguardian
/etc/init.d/dansguardian
/etc/logrotate.d/dansguardian
/etc/dansguardian
dcerouter_1001275:/usr/local/sbin#

When you've finished replacing all of the locations, hit save on the config page and then "stop & restart DG" on the top right of the main DG page.

Then it should work!  If not, check your syslog for errors.
You should be able to check the status of DG, review logs with a good viewer, and view and edit many of the detailed configurations.

(we can add this to the wiki as well)
thoughts welcome,

joseph