[CS-FSLUG] DansGuardian installation

Sun Mar 4 15:41:42 CST 2007

Mark,
Sorry if my previous email confused you. I did not mean to say that it 
was the only way to do it, but rather that was the way with probably the 
lowest number of changes to computers.

There are many ways to set up a proxy, some of which are more effective 
than others. Regardless of how you do it, there are chances to break 
things. (For example, many IM clients fall back to web-based protocols 
that can have issues with different types of proxying. And, as Stephen 
mentioned, you may want to do authentication or something which forces 
one "solution" over another.)

It looks like we may have offered solutions which were way too complex 
for just two clients. While it is still possible for you to do 
transparent proxying with just one NIC in your server, it is probably 
much more complex than it needs to be.

The first question is, how much do you trust the users, or how computer 
literate are they? The simple option is to set up squid and simply edit 
the preferences on the clients to say that the server is the proxy. You 
can go to the added length of creating a firwall rule to block outgoing 
port 80 from everything but the server, and that should do it.

When you have lots of clients, or you do not trust your users, then you 
need to do something like having auto-discovery of proxy servers or do 
the transparent proxy thing. You can get amazingly complex with proxies 
and filtering, but it can also be relatively straight-forward. The rule 
of thumb is that no filtering solution is ever truly foolproof. You 
simply need to make it difficult enough to get to junk that it does not 
happen from your LAN. So you need to first determine how complex you 
need to and are willing to make it, and then go with it.

So, tell us about the people. If we are trying to create something which 
they may fight to get through, or if we are just putting up a wall 
against accidents and quick temptation. You already told us about your 
LAN, and so we should be able to point you in the right direction from 
there.

Oh. If you are looking for a simple solution that comes in a box, the 
wrt54gs (http://en.wikipedia.org/wiki/WRT54G#WTR54GS) up to revision 3, 
had a built in content filter which you can purchase a very cheap 
license for. ($30 or $50 a year?)

Blessings,

- Tim Young

John Mark Clayton wrote:
> Well then I'm confused and obviously this installation is over my head.
> Can anyone point me to instructions for setting up squidguard, etc
> on a small lan.  The lan has a dsl modem/router with builtin wireless, a
> wired linux file/print/dns/server, a wireless linux client and a wireless
> xp client.
> I'd really appreciate any and all help,
> Mark
>   
>