$ sudo aptitude install apache2
Setting a Static IP Address
Now make sure that you have a static IP address
$ sudo vi /etc/network/interfaces
And change the following (bold) to match your network
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
iface lo inet loopback
# The primary network interface
iface eth0 inet
Press Esc then :wq to save and exit. After saving the file, you must now restart the networking process
$ sudo /etc/init.d/networking restart
Installing and Configuring Squid
Install the Squid Proxy Server
$ sudo aptitude install squid
If you want to change the default port that squid listens on , change the http_port tag using vi, making a backup copy first
$ sudo cp /etc/squid/squid.conf /etc/squid/squid.conf_backup
$ sudo vi /etc/squid/squid.conf
change the line
to (or just add the line)
OK, now we’ll setup who is allowed access to the proxy. Find the http_access section (should start around line 1860) Uncomment these 2 lines and add your network allocations
acl our_networks src 192.168.1.0/24 192.168.2.0/24
http_access allow our_networks
Note: If you get a startup error ‘FATAL: Could not determine fully qualified hostname. Please set visible_hostname’ you will also need to modify the visible_hostname tag
Save the file and close (Esc :wq).
Installing and Configuring DansGuardian
To install DansGuardian, use the following command
$ sudo aptitude install dansguardian
Note: if you get an error “Couldn’t find any package whose name or description matched “dansguardian””…try
$ sudo gedit /etc/apt/sources.list
Add this lines:
# deb http://pt.archive.ubuntu.com/ubuntu/ jaunty universe
# deb -src http://pt.archive.ubuntu.com/ jaunty universe
$ sudo apt-get update
$ sudo aptitude install dansguardian
Once the package is installed, edit the following lines in the conf file to match, this will set DansGuardian to do basic filtering and use Squid as its proxy server.
filterport = 8080
proxyip = 127.0.0.1
proxyport = 3128
To configure banned/exception sites based on either phrases, ip addresses, urls, mime type, etc… you would need to edit one of the following files. All files are located in /etc/dansguardian/
Restarting Squid and DansGuardian
Whenever a file is edited, it is good practice to restart both Squid and DansGuardian services by using the following commands
$ sudo /etc/init.d/dansguardian stop
$ sudo /etc/init.d/squid stop
$ sudo /etc/init.d/squid start
$ sudo /etc/init.d/dansguardian start
## to see if the service is running
$ ps –e | grep dansguardian
Now that Squid and DansGuardian are configured, test it by setting up your browser to use the proxy server with port 8080.
All of the commands are done from Terminal.
1. In Terminal log into root with the su – command and type your root password. The space – after su is necessary to get root’s path.
2. In Terminal enter the following command to install Squid.
yum install squid -y
3. Find out your DNS nameserver by entering in Terminal the following command:
In my case the screen output showed:
Another way you can find out your DNS nameserver is by entering from Terminal in Root:
and seeing the output on the second line.
Remember the nameserver value because you need to add it to the squid.conf file.
4. In your favorite text editor (I use gedit) open up /etc/squid/squid.conf. Find the line that says
and add 127.0.0.1: before 3128 and the word transparent after 3128 so that it looks like this:
http_port 127.0.0.1:3128 transparent
5. Find the line
Remove the hash mark in front of it, and under that line, add:
The two lines should therefore look like this:
6. At the end of the file, type
followed by a space and enter the value of the namerserver of your machine. In my case the last line looks like this:
7. Note: In Fedora 11 Preview on June 3, 2009, I also had to add to squid.conf the line:
visible_hostname = myhostname
or Squid would not start.
8. Save the file and exit the text editor.
9. Go to http://dag.wieers.com/rpm/packages/dansguardian/ and download the latest Dansguardian that matches your CPU architecture, either the .i386.rpm or the .x86_64.rpm.
10. In your favorite text editor, open /etc/dansguardian/dansguardian.conf
11. Search for the word filterip and edit that line adding 127.0.0.1 after filterip = so it looks like this:
filterip = 127.0.0.1
12. Search for the words daemonuser and daemongroup. Remove the hash marks before them, and change the word ‘nobody’ between the single quote marks to the word ‘squid’. It should look like this:
daemonuser = ‘squid’
daemongroup = ‘squid’
13. Save the file and exit the editor program.
14. Setup Iptables with the following commands:
iptables -t nat -A OUTPUT -p tcp –dport 80 -m owner –uid-owner squid -j ACCEPT
iptables -t nat -A OUTPUT -p tcp –dport 3128 -m owner –uid-owner squid -j ACCEPT
iptables -t nat -A OUTPUT -p tcp –dport 80 -j REDIRECT –to-ports 8080
iptables -t nat -A OUTPUT -p tcp –dport 3128 -j REDIRECT –to-ports 8080
iptables-save > /etc/sysconfig/iptables
service iptables restart
15. Change ownership of two directories with the following commands:
chown -R squid /var/log/dansguardian
chgrp -R squid /var/log/dansguardian
chown -R squid /var/spool/squid
16. Enter the following commands:
chkconfig httpd on
chkconfig squid on
chkconfig dansguardian on
service squid start
service dansguardian start
17. If you use Gnome, enter in Terminal:
In the Network Proxy Preferences click on Manual proxy configration to put a dot in the circle. Enter the value of 127.0.0.1 in the HTTP proxy section. The Port should already have the value of 8080. You need to do this in order for your browser, Yum, PackageManager, Gnome Weather, Google earth and any other application that uses the HTTP port to be able to connect to the Internet after doing all of the above. I’m sure KDE has some similar system proxy configuration GUI.
If you get an error message that either Squid or Dansguardian could not start, the most likely reason is ownership was not set correctly as mentioned in point 6. I had to manually change ownership to Squid for it to work. The ownership was previously a number: 501.
Note that unless both Squid and Dansguardian are running after you make changes to Iptables and restart it, you won’t be able to access any Internet content at all! After Internet traffic is set with Iptables to go through Squid and Dansguardian, both must be running properly or you won’t have any Internet access whatsoever until you either fix the problem or reset Iptables as it was by default.
Dansguardian would not permit me to download even compressed files after it was up and running. I had to edit the configuration files in /etc/dansguardian/ in order to permit Dansguardian to allow the download of certain files. Specifically I put hash (#) marks in front of certain lines in /etc/dansguardian/bannedextensionlist and /etc/dansguardian/bannedmimetypelist. Of course these files can only be edited with root access and so unless one knows the root password, I do not see how anyone can undermine Dansguardian’s effectiveness.For more and original post for fedora see http://linux.jamesjpn.com/how-to/dansguardian-install.html