Setting up DansGuardian on a single home PC running Ubuntu

Please note: there are newer howtos at ubuntu forums (howto1, howto2). These are probably more thoroughly tested than mine is. Thanks.

Dansguardian is efficient, even mostly out-of-the-box web content filtering to protect from the filth flowing on the internet. On Ubuntu Linux (which rocks), do:

sudo apt-get install dansguardian tinyproxy firehol

Configure /etc/dansguardian/dansguardian.conf – at least you will have to comment the line saying UNCONFIGURED (but please do check out the other options in the file, they’re not hard), and then:

sudo dpkg-reconfigure dansguardian

should get you started – now you just need to set your web browsers to use the proxy on localhost at port 8080. If you want to make it more script kiddie proof, read on.

UPDATE: To stop anyone on your computer from going to dirty pages, it is perhaps the easiest to use FireHOL so you can avoid most of the iptables headaches. To force unconfigured browsers to use dansguardian: In /etc/firehol/firehol.conf you will need

transparent_squid 8080 "proxy root"

(note that squid/tinyproxy runs as username proxy in Ubuntu – and probably in Debian, too). Also, you will have to allow at least access to the outside world in FireHOL:

interface any world
policy drop
protection strong
client all accept

To stop people from using just squid/tinyproxy as a proxy, thus again bypassing dansguardian, you will need to add the following in the beginning of your /etc/firehol/firehol.conf.

iptables -t filter -I OUTPUT -d -p tcp --dport 3128 -m owner ! --uid-owner dansguardian -j DROP

(Thanks to Costa Tsaousis at FireHOL help forums. Also note: dansguardian runs as user dansguardian on Ubuntu.)

From DansGuardian with Tinyproxy:

Now that the programme is installed, change the following 4 lines in /etc/tinyproxy/tinyproxy.conf
 User root
 Group root
 Port 3128
 ViaProxyName “tinyproxy”

Squid was much slower than tinyproxy for me. Still, if you choose to use Squid instead of tinyproxy, I understand that you need to set up Squid as an intercepting proxy, so see those instructions as well.

An additional tip: to make dansguardian, tinyproxy, squid or firehol reread their configuration files, I found it easiest to say

sudo /etc/init.d/PROGRAMNAME restart

There’s good documentation on the dansguardian site, and as a last resort feel free to ask me help in the installation, though I’m no expert. You might also try the FireHOL help forum for any filtering-specific questions, which I’m a novice at. Also, please comment. I must have forgotten a step or two. 🙂

This howto is in the public domain. Feel free to copy or modify.

Original posting and comments are at the personal site.