Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I have been using DANSGUARDIAN and SquidGuard for many years and am not complete happy with it. I am looking for a web filter that has corporate strength features and will allow me a lot more flexability then DANSGUARDIAN. This product is good for a SOHO or a for the family but I need something that can handle a small business with 50 plus nodes+. Any suggestions?
Last edited by metallica1973; 01-19-2008 at 07:09 PM.
Well. I'm using squid and dansguardian too. When I first looked into it I investigated http://www.untangle.com/, but could get it to install on my low end hardware.
Smoothwall has commercial appliances and software that are as powerful at filtering etc.
However, DansGuardian isn't THAT bad. I know of at least one school of 1000+ users that is using it 24/7 as the primary Internet filter (and transparent proxy/bridge, so ALL Internet-bound traffic passes through that single machine without any problems). The PC it runs on is an old server, not that high-spec, and it copes admirably. Granted, you really need a nice GUI on top to manage it properly but when there's only ever really one person or a small team managing something like that, a few shell scripts or a single PHP page can more than comfortably handle the majority of common features. Your situation might be different, however.
Give Smoothwall a call - they were very knowledgeable and helpful last time I spoke to them.
Advanced Policy Management with 'Custom Racks' is currently only available in the Professional Package. You can, however, create 'No Rack' and 'Default Rack' policies in the Open Source version.
I presume you are aware of SmoothWall Express, the community (free) version, & do not think it meets your needs.
IPCop, which is free in both senses, started out as fork of SmoothWall -- would it work for you?
Last time I looked, Dan works for SmoothWall, Ltd.
What I mean is granularity, tracking, particial subnet isolation. Well for example with dansguardian you cannot simply filter certain urls between specific nodes, it is either all or nothing. Let say for example there is a user on subnet 192.168.10.0/27 and you wanted to block streaming, myspace.com and ebay and on another subnet 192.168.9.0/27 you would allow these sites but block out washingtonpost.com, suntimes.com, linuxquestions.com, you cannot simply do that with bannedurllist.conf or bannediplist.conf. It is either all or nothing. What I am saying is I want granularity of isolating certain parts of a subnet or individually. What about a SOHO. You have user1 who is wasting time online shopping and user2 is wasting time on ebay but user1 needs access to ebay to perform her job. Please tell me how I would do this with DANSGUARDIAN. If that is possible then please show me a decent how-to on what I am trying to accomplish. It certainly hasnt been provided by
What I mean is granularity, tracking, particial subnet isolation. Well for example with dansguardian you cannot simply filter certain urls between specific nodes, it is either all or nothing. Let say for example there is a user on subnet 192.168.10.0/27 and you wanted to block streaming, myspace.com and ebay and on another subnet 192.168.9.0/27 you would allow these sites but block out washingtonpost.com, suntimes.com, linuxquestions.com, you cannot simply do that with bannedurllist.conf or bannediplist.conf. It is either all or nothing. What I am saying is I want granularity of isolating certain parts of a subnet or individually. What about a SOHO. You have user1 who is wasting time online shopping and user2 is wasting time on ebay but user1 needs access to ebay to perform her job. Please tell me how I would do this with DANSGUARDIAN. If that is possible then please show me a decent how-to on what I am trying to accomplish. It certainly hasnt been provided by dansguardian.org or a google search.
IIRC this was tedious to do in earlier DG versions (I would actually run several DGs and have the router take clients to the appropriate instance based on source IP and MAC). It should, however, be pretty straight-forward using the 2.9.x.x branch, as AFAICT it includes an IP authentication plugin which lets you set different filters for different groups.
Thanks for the reply. It seems very tedious. I guess DANSGUARDIAN stands alone for free stuff. I will try running a couple of instances of DANSGUARDIAN and see what happens. I guess what I was looking for was a product that could do all of this from one central location and not have to go through all of these loops. Many thanks
Thanks for the reply. It seems very tedious. I guess DANSGUARDIAN stands alone for free stuff. I will try running a couple of instances of DANSGUARDIAN and see what happens. I guess what I was looking for was a product that could do all of this from one central location and not have to go through all of these loops. Many thanks
I think you misunderstood my post. I know from experience that it used to be tedious on prior versions. But AFAICT this is not the case anymore with the 2.9.x.x branch. I downloaded a tarball a few minutes ago to have a look and got the impression you could achieve what you want without any major fuss at all.
I think squid guard might be able to do what you were talking about in your example. Here's a link to its docs talking about limiting based on IP address.
I have been using DANSGUARDIAN and SquidGuard for many years and am not complete happy with it. I am looking for a web filter that has corporate strength features and will allow me a lot more flexability then DANSGUARDIAN. This product is good for a SOHO or a for the family but I need something that can handle a small business with 50 plus nodes+. Any suggestions?
After using DANSGUARDIAN AND SQUIDGURAD I suggest you should try to use SafeSquid having a multithreaded architcure and having far more better features and benefits .It has a browser based GUI interface which gives much more flexibility in terms of Content Filtering .Its an open source software and i have personally used it i can provide you with the details of it and provide you the link for its installation which is free upto three users and then you can commercially but the product starting from 5 to 1000 users depending upon how many users are there.
You can just type safesquid on your search engine and then the website of SafeSquid will guide you and solve all your constant queries.
I can provide and help you with the installation process of it.
karanb17, after reading your intro, I suspect you're using your LQ privileges for the sole purpose of pushing a software product. I guarantee you that your LQ privileges will be revoked if you continue down this path. You've been warned.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.