Dansguardian Content Filtering with Transparent Proxy on Ubuntu 9.10 Karmic
Content Filtering
(Ubuntu 9.10)
Objectives:
1. Add content filtering to an existing Ubuntu system.
2. Prevent user from bypassing the filtering system.
Software:
Open a terminal and type:
user@system:~$ sudo apt-get install iptables dansguardian squid
Configuration:
1. Squid
Open a terminal and type:
user@system:~$ sudo gedit /etc/squid/squid.conf
change this line:
http_port 3128
to
http_port 3128 transparent
Save file then open a terminal and type:
user@system:~$ sudo /etc/init.d/squid restart
2. Dansguardian
Open a terminal and type:
user@system:~$ sudo gedit /etc/dansguardian/dansguardian.conf
change this line:
UNCONFIGURED
to:
#UNCONFIGURED
Save file then open a terminal and type:
user@system:~$ sudo /etc/init.d/dansguardian start
3. Test Proxy
Open Firefox
Go to http://tits.com or other known bad site.
The site should display.
Now in Firefox select
Edit > Preferences > Advanced > Connection > Settings
Select Manual proxy configuration
In the HTTP Proxy box type: 127.0.0.1 Port: 8080
Place a Check in the box labeled Use this proxy server for all protocols
Click OK then Close
Go to http://google.com and Google should be displayed. Click Refresh and verify it’s still working.
Go to http://tits.com or other known bad site.
The site should show as blocked. You may have to hit refresh for this to work.
At this point, the proxy is working.
Now in Firefox select
Edit > Preferences > Advanced > Connection > Settings
Select No proxy
Click OK then Close
4. Test iptables
iptables is the firewall for Ubuntu. If you are using a firewall front end such as shorewall, etc. then you will have to adapt the concept below to your particular configuration. On a clean install of Ubuntu, this will work as written.
Open a terminal and type:
user@system:~$ sudo iptables -t nat -A OUTPUT -p tcp -m owner ! –uid-owner proxy –dport 80
-j REDIRECT –to-port 8080
This tells the firewall that outgoing web requests requested that are made by anyone other that the proxy should be redirected to the proxy
Open Firefox
Go to http://tits.com or other known bad site.
The site should show as blocked. If so, the firewall is correctly configured as a transparent proxy.
Now, to make the changes permanent.
Open a terminal and type:
user@system:~$ sudo gedit /etc/init.d/tproxy
Add this line:
iptables -t nat -A OUTPUT -p tcp -m owner ! –uid-owner proxy –dport 80
-j REDIRECT –to-port 8080
Save and exit.
Issue this command to make the file executable:
user@system:~$ sudo chmod a+x /etc/init.d/tproxy
Issue this command to make the above script run at startup:
user@system:~$ sudo update-rc.d tproxy
That’s it.
http://www.tranquilpenguin.com
February 11th, 2010 at 9:20 am
Here’s some more information based on Ubuntu 9.10 install issue I had:
I set up a machine as stated, but I noticed it didn’t work with the Wireless NIC.
When network manager started up, it broke squid. restarting squid after making the wifi connection fixed it.
I didn’t want to mess with anything, so I did this to fix it:
1. remove network-manager and network-manager-gnome
2. edit /etc/network/interfaces:
auto lo wlan0
iface lo inet loopback
iface wlan0 inet dhcp
wireless-essid SSIDNAMEHERE
wireless-mode Managed
Note: I do not transmit ssid. You will have to change if you use encryption.
After that I restarted.
All is well now.