Traditional Chinese Version

Fedora 11 now supports dansguardian, so I discontinue building dansguardian rpm for Fedora 11. But I will continue to build dansguardian rpm for CentOS.

[ Current Release: 2.10.1.1 ] for Fedora 11

dansguardian-2.10.1.1-1.fc11.i586.rpm

This package has been compiled with support for anti-virus scanning: clamd (clamav), icap (Dr. Web ICAP) and kavd (Kaspersky).

If you want to enable this functionality you need to edit the following files:

1. Uncomment the one you want to use in /etc/dansguardian/dansguardian.conf:

#contentscanner = '/etc/dansguardian/contentscanners/clamdscan.conf'
#contentscanner = '/etc/dansguardian/contentscanners/kavdscan.conf'
#contentscanner = '/etc/dansguardian/contentscanners/icapscan.conf'

2. Edit the corresponding config file that you need:

/etc/dansguardian/contentscanners/clamdscan.conf
/etc/dansguardian/contentscanners/icapscan.conf
/etc/dansguardian/contentscanners/kavdscan.conf

Note: Since I am not able to test the use of the anti-virus scanning in dansguardian, I can not guarantee that they will work.

In our school (St. Aloysius Technical School), we use one computer exclusively as a proxy server. We have configured all the computers in the computer classroom to connect to this proxy whenever the students browse the Internet. Everyday, after school, we open up the computer classroom to let the students use these computers. Quite a lot of students would come and enjoy what they call a "free" Internet Cafe! Of course, there is nothing wrong with this. Students, after school, come and by using these computers, hopefully, they can learn something. At the least, this keeps the students away from the streets doing things they should not be doing.

But we are an educational institution. We need to control what the students access in the Internet. But you can not say that because we are a school, therefore we have to control. Control, for the sake of control, is nonsense. But, precisely because we are a school, we care for our students, we care for the safety of our students. To control is to protect our students from the bad elements that are proliferating in the Internet. After all, our students are young and they have not yet developed the capacity to discern the good from the bad.

Here, I am introducing a proxy filter program, DansGuardian, that is small but very powerful. And the best part is that it is free for educational use. This prevents the students from accessing materials from the Internet that are not suitable for them.

Features of DansGuardian:

• Small, so executes very fast, and does not demand a lot of resources from the system.
• Can filter specific URL or IP.
• You can specify what files are forbidden for download, e.g., mp3, vbs, etc.
• Content filtering

How to install DansGuardian? Below, I presume the following:

• Using Fedora 11 distribution of the GNU/Linux.
• Using squid as the proxy server, the standard in the UNIX world.

First, download the program. Currently, the latest version is:

      dansguardian-2.10.1.1.tar.gz

You can go here:

http://dansguardian.org/?page=download2

to download the program. If you want an rpm package, I have built one for Fedora 10 which can be downloaded here

I am now also providing rpm packages for CentOS 5.3 which you can get here.

The installation procedure is quite simple.

1. tar xvfz dansguardian-2.10.1.1.tar.gz
2. cd dansguardian-2.10.1.1
3. ./configure --prefix=
4. make
5. make install

Note: In executing ./configure, you need the parameter --prefix= otherwise the whole package will be installed in /usr/local/ which is not the default directory in Fedora 11.

After installation, you need to edit /etc/dansguardian/dansguardian.conf before you can start it:

DansGuardian uses 'ukenglish' as the default language. If you are using a different language, you need to change the configuration in /etc/dansguardian/dansguardian.conf to the language you need. For example, if you want to use Traditional Chinese as your language, change to: language = 'chinesebig5'.

Now, DansGuardian's installation is finished. To start the program:

1. To ensure that DansGuardian is started during boot:

  chkconfig dansguardian on

2. Manually start DansGuardian:

  service dansguardian start

DansGuardian is now running and is using port 8080.

And that's the problem. Squid is using port 3128. The computers used by the students are configured to connect to squid which means connect to port 3128. In this kind of configuration, DansGuardian becomes useless. The computers used must be configured to use port 8080 in order to use DansGuardian.

There are two solutions to this problem:

The first solution is to re-configure all the computers to connect to port 8080. This is a tall order and therefore not ideal.

The second solution is not to re-configure the computers to connect to port 8080, but rather "fool" the computers. The computers used by the students continue to connect to port 3128, but in reality they are automatically connected to 8080. How to "fool" these computers? Very simple, use iptables.

iptables is usually used in a firewall. But our proxy server does not use a firewall. It really does not matter. We can still use iptables, nevertheless.

We can use iptables for redirection. To redirect all tcp connections from port 3128 to port 8080, execute the following:

    iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 3128 -j REDIRECT --to-port 8080

And that's it!

Fr. Visminlu Vicente L. Chua, S.J.
2005/03/18
Updated: 2009/07/17