Dansguardian Content Filtering With Transparent Proxy On Ubuntu 9.10 Karmic

This tutorial explains how you can add content filtering to an existing Ubuntu 9.10 system, and how you can prevent users from bypassing the filtering system. We will use Dansguardian content filtering to set up a transparent proxy.

Objectives:

1. Add content filtering to an existing Ubuntu system.
2. Prevent users from bypassing the filtering system.

 

Software:

Open a terminal and type:

user@system:~$ sudo apt-get install iptables dansguardian squid

 

Configuration:

1. Squid

Open a terminal and type:

user@system:~$ sudo gedit /etc/squid/squid.conf

Change this line:

http_port 3128

to

http_port 3128 transparent

Save the file, then open a terminal and type:

user@system:~$ sudo /etc/init.d/squid restart

 

2. Dansguardian

Open a terminal and type:

user@system:~$ sudo gedit /etc/dansguardian/dansguardian.conf

Change this line:

UNCONFIGURED

to:

#UNCONFIGURED

Save file then open a terminal and type:

user@system:~$ sudo /etc/init.d/dansguardian start

 

3. Test Proxy

Open Firefox.

Go to http://tits.com or any other known bad site.

The site should display.

Now in Firefox select:

Edit > Preferences > Advanced > Connection > Settings

Select Manual proxy configuration.

In the HTTP Proxy box type: 127.0.0.1 Port: 8080
Place a check in the box labeled Use this proxy server for all protocols.

Click OK then Close.

Go to http://google.com and Google should be displayed. Click Refresh and verify it's still working.

Go to http://tits.com or any other known bad site.

The site should show as blocked. You may have to hit refresh for this to work.

At this point, the proxy is working.

Now in Firefox select:

Edit > Preferences > Advanced > Connection > Settings

Select No proxy.

Click OK then Close.

 

4. Test iptables

iptables is the firewall for Ubuntu. If you are using a firewall front end such as shorewall, etc. then you will have to adapt the concept below to your particular configuration. On a clean install of Ubuntu, this will work as written.

Open a terminal and type:

user@system:~$ sudo iptables -t nat -A OUTPUT -p tcp -m owner ! --uid-owner proxy --dport 80 -j REDIRECT --to-port 8080

This tells the firewall that outgoing web requests that are made by anyone other than the proxy should be redirected to the proxy

Open Firefox:

Go to http://tits.com or any other known bad site.

The site should show as blocked. If so, the firewall is correctly configured as a transparent proxy.

Now, to make the changes permanent:

Open a terminal and type:

user@system:~$ sudo gedit /etc/init.d/tproxy

Add this line:

iptables -t nat -A OUTPUT -p tcp -m owner ! --uid-owner proxy --dport 80 -j REDIRECT --to-port 8080

Save and exit.

Issue this command to make the file executable:

user@system:~$ sudo chmod a+x /etc/init.d/tproxy

Issue this command to make the above script run at startup:

user@system:~$ sudo update-rc.d tproxy

That's it.

http://www.tranquilpenguin.com

Share this page:

14 Comment(s)