Dansguardian Howto
by S. Christian Collins
Setting up Parental Controls
Use Synaptic to download the following packages and their dependencies:
- DansGuardian
- kdeadmin-ksysv
- webmin
After Synaptic finishes downloading and installing the packages, you will need to edit some files. Using "PC-menu -> System -> File Tools -> File Manager - Super User Mode" is probably the easiest way to do this.
Edit /etc/squid/squid.conf (you can double-click the file and it will open up in Kwrite)
find the line:
http_port 3128
and change it to:
http_port 3128 transparent
then copy and paste these lines to the end of the file:
always_direct allow all cache_effective_user squid cache_effective_group squid
Edit /etc/dansguardian/dansguardian.conf and look for:
filterip =
and change it to:
filterip = 127.0.0.1
Change:
usernameidmethodproxyauth = on
to:
usernameidmethodproxyauth = off
Find the following lines in the text (near the bottom):
# daemonuser = 'nobody' # daemongroup = 'nobody'
and replace them with (make sure to delete the # at the beginning of each line):
daemonuser = 'squid' daemongroup = 'squid'
Edit /etc/rc.d/rc.local
NOTE: Double-clicking this file will execute it, so instead, "right-click -> Open With -> Kwrite"
Paste the following lines at the end of the file (make sure that wrapped lines in this document end up on one line in the text file):
iptables -t nat -A OUTPUT -p tcp --dport 80 -m owner --uid-owner squid -j ACCEPT iptables -t nat -A OUTPUT -p tcp --dport 3128 -m owner --uid-owner squid -j ACCEPT iptables -t nat -A OUTPUT -p tcp --dport 80 -m owner --uid-owner root -j ACCEPT iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports 8080 iptables -t nat -A OUTPUT -p tcp --dport 3128 -j REDIRECT --to-ports 8080
Download the DansGuardian-webmin module from here:
http://sourceforge.net/projects/dgwebminmodule/
Next, install the DansGuardian-webmin-module in Webmin by opening the following link in your browser:
https://localhost:10000/webmin/edit_mods.cgi
Click "Webmin Modules", and you will choose to "Install module from local file." Click the "..." to browse the file. If you saved it to your desktop, for example, the file will be at /home/user/Desktop/..., where user is your user name. After you've selected the file, click "Install Module". Now, click the "Servers" button at the top of your webmin browser and click "DansGuardian" to see the options. DansGuardian isn't running yet, but you can still edit configuration files if you want.
Next, you need to make sure your PC has a so-called "hostname", or things might not work right. You can set the "hostname" by opening the PCLinuxOS Control Center and enter the tab "Network & Internet", section "Alter miscellaneous internet settings." Set a qualified hostname. You can invent something fancy but "mypc.mynetwork.net" will do fine for now. A fully qualified domain name is always in the form of name.network.net (or .com, or whatever). After changing the domain name, a dialog may suggest that you restart the session. Ignore it for now and proceed.
Now, as of this writing (12/01/07) PCLinuxOS seems to have a bug in the init script dependencies checking (see this thread:
http://www.pclinuxos.com/index.php?option=com_smf&Itemid=26&topic=35073.msg268580#msg268580).
This means that the services required for the Internet filtering may not start in the correct order during boot, causing DansGuardian to not load. Until the bug is fixed, the following solution should work just fine.
Start KsysV - "PC Menu -> System -> Configuration -> Boot and Init -> KsysV". The first time you run KsysV, it will ask some questions. For your OS, select "Linux", for distribution, select "Other", then accept the default paths on the next screen.
The main control window will appear. Under "Runlevel 5", scroll down until you see dansguardian on the list and make note of the number (it's 92 on my system). We need squid to start before dansguardian, and we need network and network-up to start before squid. On my system, squid, network and network-up are all no. 99. As you probably have guessed, the earlier numbered services start first. If your system already shows the correct order for the aforementioned services, then your setup is probably not affected by this bug.
Right-click on a service to change its sorting number. Use the up and down arrows to select the new number, since typing it sometimes doesn't take effect for some reason. Here is how I have set my sorting numbers, and this works just fine:
70 network 70 network-up 80 squid
Click the save icon to save the configuration.
Restart your computer, so that the necessary services will start on boot. One way to tell if everything is booting in the right order is to watch the init script while booting. Do this by pressing the ESC key while the system loads. Make note of anything that says [FAILED] to the right. If the services don't load in the correct order, then DansGuardian will fail with the message "error connecting to parent proxy".
Please note that the following action could possibly reset the startup order:
Performing an upgrade of related system services through Synaptic. The package chkconfig is responsible for this, I believe, but I'm not an expert in this area. You may have to use KsysV again using the "Enable or disable system services" option in the PCLinuxOS Control Center.
If you avoid doing either of those things, you shouldn't have to worry. Otherwise, you will need to reset the order again.
To edit the configuration of your web filtering software, log onto Webmin with a browser using the address: https://localhost:10000. Click on Webmin Modules, and then DansGuardian to control the settings. Webmin can also be set up to allow remote administration from another computer.
Hope this brings everyone up to date on this very useful application.