-   Linux - Newbie (
-   -   Endian Firewall, dansguardian (

brave1frommo 02-19-2008 02:43 PM

Endian Firewall, dansguardian
Does anyone know how to setup groups to be affacted differently by the content filtering (dans guardian) on Endian (variation of IPCOP)? I would like to be able to setup an admin group that has bypass permissions around the content filter. Or is there a way to have a password bypass through the content filter?


jmor3 02-19-2008 04:32 PM

Dan's Guardian groups ...
Hi, we run Dan's Guardian (DG) for filtering at our organization. We use the Webmin graphical interface to administer the DG features. From the DG bash script on our site, you can ...

" ... retrieve a list of users from a NT Domain controller, and based on group membership of the username, assign the username to a certain Dansguardian filtergroup. NOTE: You MUST modify several elements of this script to match your particular configuration. Also, this script depends upon SAMBA 3.02 being installed and joined to a working NT domain. While this script does not give Dansguardian the ability to select content filtering based on group membership, it does permit the assignment of users to filtergroups based on group membership thus saving the system administrator many keystrokes, especially on larger systems."

Our workstations run a SmoothWall mini-app that connects their login name with the DG user list. If someone's user name belongs to Group1, they automatically get different access than someone who belongs to Group2. If the details of this setup would help you, let me know and I can do some digging to see how the architects set up the system (I'm just the administrator).

Cheers, Mike

brave1frommo 02-20-2008 08:48 AM

Dans Guardian setup and chat question
We dont use domain accounts so is there a way to setup Dans Guardian to allow groups or is this what you were saying using WebMin to setup users and groups? Does your organization have a custom Access Denied page? I would like to notify users why the site was blocked and who to contact. I would really like to be able to give them a link on the page to bypass the filter with login, thus logging all use of the bypass.

On a seperate issue, does anyone know why Endian blocks use of all Chat apps? We have an internal chat app which uses port 13 and 227 and I have put rules in to allow this traffic even to external users. Yet it blocks the signin process and when I view the port scan it doesn't allow traffic on any of these ports.

Sorry for so many questions.


jmor3 02-21-2008 09:54 AM

Groups and Custom pages
Our DG web admin interface provides a control for groups. If you log into the DG admin page using a web browser, you should see a control panel titled View/Edit Groups. Our groups are numbered f1, f2, f3, and so on. We give each group different rights starting with f1 as the most restrictive, f2 with more permissions, and so on. The DG documentation says:

"DansGuardian can switch off filtering for certain users, sites and IPs, but not varying degrees. Nor can it block for ranges of IPs or subnets. Nor can it block by time of day. If you need this, install squidGuard also. (As of version 2.7.5 it can have different filtering for groups of users but it still can't do time of day functionality nor subnets nor range of IPs)."

We do have a custom access denied page with a mail link so users can report a page to the webmaster if they think it's been unfairly blocked. The DG documentation says:

"When a page is denied, DansGuardian redirects to a cgi perl script on your web server to report to the user. This makes it easy to customise the message. This server does not need to be the same machine as the DansGuardian filter server, however if it is not local you will need to amend or comment out the perl script copying line in the Makefile."

The DG online documentation has been a big help for me to figure out the install and customization of the product.

Cheers, Mike

All times are GMT -5. The time now is 01:13 AM.