Squid + Dansguardian Setup

Lewy1 · 08-12-2012, 05:13 AM

I've searched around for a long time but could not find clear instructions that I could understand for the following scenario.
I have a router running tomato on an internal ip address 10.0.1.1, and a pogoplug running debian and nginx at 10.0.1.7. I would like to set up a content filter on the pogoplug using squid and dansguardian or (squidguard). I will need all web requests to the router to go through squid/dansguardian.
Can someone please provide the basic changes needed to be made in the squid and dansguardian conf files, and the changes made to tomatoto force all requests through squid/dansguardian.
Thank you very much.

TheMadIndian · 08-22-2012, 06:26 PM

Quote:

Originally Posted by Lewy1

I've searched around for a long time but could not find clear instructions that I could understand for the following scenario.
I have a router running tomato on an internal ip address 10.0.1.1, and a pogoplug running debian and nginx at 10.0.1.7. I would like to set up a content filter on the pogoplug using squid and dansguardian or (squidguard). I will need all web requests to the router to go through squid/dansguardian.
Can someone please provide the basic changes needed to be made in the squid and dansguardian conf files, and the changes made to tomatoto force all requests through squid/dansguardian.
Thank you very much.

have you seen this?
http://tomatousb.org/forum/t-305093

I can tell you how I did it with iptables, if you can figure out Tomato to redirect 80 443 traffic

I have dansguardian listening on 8080 and squid listening on 3128

I redirect 80 and 443 to 8080 using iptables, in dansguardian I've configured proxyport to 3128

Lewy1 · 08-24-2012, 02:02 AM

Quote:

Originally Posted by TheMadIndian

have you seen this?
http://tomatousb.org/forum/t-305093

I can tell you how I did it with iptables, if you can figure out Tomato to redirect 80 443 traffic

I have dansguardian listening on 8080 and squid listening on 3128

I redirect 80 and 443 to 8080 using iptables, in dansguardian I've configured proxyport to 3128

Thanks, I did see that at some point, but it is for installing dansguardian on the router itself. I'm not sure how to configure things when it's on a separate box, and although I think I have a pretty good idea of what needs to be done I don't know how to implement it.

TheMadIndian · 08-24-2012, 06:28 AM

Quote:

Originally Posted by Lewy1

Thanks, I did see that at some point, but it is for installing dansguardian on the router itself. I'm not sure how to configure things when it's on a separate box, and although I think I have a pretty good idea of what needs to be done I don't know how to implement it.

Does the router support dnat?

TheMadIndian · 08-24-2012, 06:30 AM

I just checked it does. I'll send you the syntax when I'm not on my phone

TheMadIndian · 08-24-2012, 08:27 AM

ok according to this article its nothing more than iptables http://tomatousb.org/tut:setup-multi...tic-public-ips

so on the router you need to redirect 80 traffic (443 doesn't allow man in the middle) to your server running squid and dansguardian based on your example above 10.0.1.7

I like to declare variables for iptables

Code:

ipt="/sbin/iptables"

LAN_IFACE="eth0" (you'll need to replace this with the appropriate internal interface name on the router)

$ipt -t nat -A PREROUTING -i $LAN_IFACE -p tcp -m iprange --src-range $localsrc --dport 80 -j DNAT --to 10.0.1.7:8080

you can replace $localsrc if it doesn't resolve, change it to the range you want to redirect for instance

Code:

$ipt -t nat -A PREROUTING -i $LAN_IFACE -p tcp -m iprange --src-range 10.0.1.2-10.0.1.250 --dport 80 -j DNAT --to 10.0.1.7:8080

this assumes you've configured dansguardian to listen on 8080

Lewy1 · 08-27-2012, 02:33 PM

Thank you very much for your help. Sorry it so long for me to reply, but I just saw your posts.