Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
01-19-2008, 08:08 PM
|
#1
|
Senior Member
Registered: Feb 2003
Location: Washington D.C
Posts: 2,190
Rep:
|
Dansguardian/SquidGuard - Web Filter/ Squid
I have been using DANSGUARDIAN and SquidGuard for many years and am not complete happy with it. I am looking for a web filter that has corporate strength features and will allow me a lot more flexability then DANSGUARDIAN. This product is good for a SOHO or a for the family but I need something that can handle a small business with 50 plus nodes+. Any suggestions?
Last edited by metallica1973; 01-19-2008 at 08:09 PM.
|
|
|
01-20-2008, 03:32 AM
|
#2
|
Member
Registered: Jul 2005
Location: Ohio
Distribution: CentOS 4 & 5, Ubuntu 7.04 & 7.10
Posts: 38
Rep:
|
Well. I'm using squid and dansguardian too. When I first looked into it I investigated http://www.untangle.com/, but could get it to install on my low end hardware.
|
|
|
01-20-2008, 05:30 AM
|
#3
|
Member
Registered: Apr 2005
Location: UK
Distribution: Slackware 13.0
Posts: 241
Rep:
|
Smoothwall has commercial appliances and software that are as powerful at filtering etc.
However, DansGuardian isn't THAT bad. I know of at least one school of 1000+ users that is using it 24/7 as the primary Internet filter (and transparent proxy/bridge, so ALL Internet-bound traffic passes through that single machine without any problems). The PC it runs on is an old server, not that high-spec, and it copes admirably. Granted, you really need a nice GUI on top to manage it properly but when there's only ever really one person or a small team managing something like that, a few shell scripts or a single PHP page can more than comfortably handle the majority of common features. Your situation might be different, however.
Give Smoothwall a call - they were very knowledgeable and helpful last time I spoke to them.
|
|
|
01-20-2008, 11:55 AM
|
#4
|
Senior Member
Registered: Feb 2003
Location: Washington D.C
Posts: 2,190
Original Poster
Rep:
|
I was hoping to find something for free that competes with it. Thanks
|
|
|
01-25-2008, 10:25 AM
|
#5
|
Senior Member
Registered: Oct 2004
Location: Houston, TX (usa)
Distribution: MEPIS, Debian, Knoppix,
Posts: 4,727
|
Mainly to OP: - What are you not completely happy with? How about a couple of examples to give us a feel for the source of your discontent?
- In what way(s) does DansGuardian lack flexibility? Again, just 1 or 2 examples would suffice.
- Thanks, Jay, for the Untangle link -- it's very interesting. Unfortunately, I suspect the advanced, more flexible, features are not free:
(from http://wiki.untangle.com/index.php/Policy_Management)
Quote:
Advanced Policy Management with 'Custom Racks' is currently only available in the Professional Package. You can, however, create 'No Rack' and 'Default Rack' policies in the Open Source version.
|
- I presume you are aware of SmoothWall Express, the community (free) version, & do not think it meets your needs.
- IPCop, which is free in both senses, started out as fork of SmoothWall -- would it work for you?
- Last time I looked, Dan works for SmoothWall, Ltd.
|
|
|
01-25-2008, 10:42 AM
|
#6
|
Senior Member
Registered: Feb 2003
Location: Washington D.C
Posts: 2,190
Original Poster
Rep:
|
What I mean is granularity, tracking, particial subnet isolation. Well for example with dansguardian you cannot simply filter certain urls between specific nodes, it is either all or nothing. Let say for example there is a user on subnet 192.168.10.0/27 and you wanted to block streaming, myspace.com and ebay and on another subnet 192.168.9.0/27 you would allow these sites but block out washingtonpost.com, suntimes.com, linuxquestions.com, you cannot simply do that with bannedurllist.conf or bannediplist.conf. It is either all or nothing. What I am saying is I want granularity of isolating certain parts of a subnet or individually. What about a SOHO. You have user1 who is wasting time online shopping and user2 is wasting time on ebay but user1 needs access to ebay to perform her job. Please tell me how I would do this with DANSGUARDIAN. If that is possible then please show me a decent how-to on what I am trying to accomplish. It certainly hasnt been provided by
dansguardian.org
or a google search.
Also reporting would be a nice feature.
Last edited by metallica1973; 01-25-2008 at 10:43 AM.
|
|
|
01-25-2008, 11:08 AM
|
#7
|
LQ Guru
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870
|
Quote:
Originally Posted by metallica1973
What I mean is granularity, tracking, particial subnet isolation. Well for example with dansguardian you cannot simply filter certain urls between specific nodes, it is either all or nothing. Let say for example there is a user on subnet 192.168.10.0/27 and you wanted to block streaming, myspace.com and ebay and on another subnet 192.168.9.0/27 you would allow these sites but block out washingtonpost.com, suntimes.com, linuxquestions.com, you cannot simply do that with bannedurllist.conf or bannediplist.conf. It is either all or nothing. What I am saying is I want granularity of isolating certain parts of a subnet or individually. What about a SOHO. You have user1 who is wasting time online shopping and user2 is wasting time on ebay but user1 needs access to ebay to perform her job. Please tell me how I would do this with DANSGUARDIAN. If that is possible then please show me a decent how-to on what I am trying to accomplish. It certainly hasnt been provided by dansguardian.org or a google search.
|
IIRC this was tedious to do in earlier DG versions (I would actually run several DGs and have the router take clients to the appropriate instance based on source IP and MAC). It should, however, be pretty straight-forward using the 2.9.x.x branch, as AFAICT it includes an IP authentication plugin which lets you set different filters for different groups.
|
|
|
01-25-2008, 11:14 AM
|
#8
|
Senior Member
Registered: Feb 2003
Location: Washington D.C
Posts: 2,190
Original Poster
Rep:
|
Thanks for the reply. It seems very tedious. I guess DANSGUARDIAN stands alone for free stuff. I will try running a couple of instances of DANSGUARDIAN and see what happens. I guess what I was looking for was a product that could do all of this from one central location and not have to go through all of these loops. Many thanks
|
|
|
01-25-2008, 11:40 AM
|
#9
|
LQ Guru
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870
|
Quote:
Originally Posted by metallica1973
Thanks for the reply. It seems very tedious. I guess DANSGUARDIAN stands alone for free stuff. I will try running a couple of instances of DANSGUARDIAN and see what happens. I guess what I was looking for was a product that could do all of this from one central location and not have to go through all of these loops. Many thanks
|
I think you misunderstood my post. I know from experience that it used to be tedious on prior versions. But AFAICT this is not the case anymore with the 2.9.x.x branch. I downloaded a tarball a few minutes ago to have a look and got the impression you could achieve what you want without any major fuss at all.
|
|
|
01-25-2008, 01:39 PM
|
#10
|
Senior Member
Registered: Feb 2003
Location: Washington D.C
Posts: 2,190
Original Poster
Rep:
|
Ill give it a shot. thanks
|
|
|
01-25-2008, 01:57 PM
|
#11
|
Member
Registered: Jul 2005
Location: Ohio
Distribution: CentOS 4 & 5, Ubuntu 7.04 & 7.10
Posts: 38
Rep:
|
I think squid guard might be able to do what you were talking about in your example. Here's a link to its docs talking about limiting based on IP address.
http://www.squidguard.org/Doc/extended.html#sourceIP
I guess you would also need Squid installed but that might offer a speed boost in that it's a web cache.
|
|
|
10-24-2009, 07:54 AM
|
#12
|
LQ Newbie
Registered: Oct 2009
Posts: 2
Rep:
|
Solution to your qurery (SafeSquid)
Quote:
Originally Posted by metallica1973
I have been using DANSGUARDIAN and SquidGuard for many years and am not complete happy with it. I am looking for a web filter that has corporate strength features and will allow me a lot more flexability then DANSGUARDIAN. This product is good for a SOHO or a for the family but I need something that can handle a small business with 50 plus nodes+. Any suggestions?
|
After using DANSGUARDIAN AND SQUIDGURAD I suggest you should try to use SafeSquid having a multithreaded architcure and having far more better features and benefits .It has a browser based GUI interface which gives much more flexibility in terms of Content Filtering .Its an open source software and i have personally used it i can provide you with the details of it and provide you the link for its installation which is free upto three users and then you can commercially but the product starting from 5 to 1000 users depending upon how many users are there.
You can just type safesquid on your search engine and then the website of SafeSquid will guide you and solve all your constant queries.
I can provide and help you with the installation process of it.
|
|
|
10-24-2009, 05:03 PM
|
#13
|
LQ Guru
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870
|
karanb17, after reading your intro, I suspect you're using your LQ privileges for the sole purpose of pushing a software product. I guarantee you that your LQ privileges will be revoked if you continue down this path. You've been warned.
|
|
|
All times are GMT -5. The time now is 07:14 AM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|