[ Current Release: 2.10.0.2 ] for Fedora 10
In our school (St. Aloysius Technical School), we use one computer exclusively as a proxy server. We have configured all the computers in the computer classroom to connect to this proxy whenever the students browse the Internet. Everyday, after school, we open up the computer classroom to let the students use these computers. Quite a lot of students would come and enjoy what they call a "free" Internet Cafe! Of course, there is nothing wrong with this. Students, after school, come and by using these computers, hopefully, they can learn something. At the least, this keeps the students away from the streets doing things they should not be doing.
But we are an educational institution. We need to control what the students access in the Internet. But you can not say that because we are a school, therefore we have to control. Control, for the sake of control, is nonsense. But, precisely because we are a school, we care for our students, we care for the safety of our students. To control is to protect our students from the bad elements that are proliferating in the Internet. After all, our students are young and they have not yet developed the capacity to discern the good from the bad.
Here, I am introducing a proxy filter program, DansGuardian, that is small but very powerful. And the best part is that it is free for educational use. This prevents the students from accessing materials from the Internet that are not suitable for them.
Features of DansGuardian:
How to install DansGuardian? Below, I presume the following:
First, download the program. Currently, the latest version is:
dansguardian-2.10.0.2.tar.gz
You can go here:
http://dansguardian.org/?page=download2
to download the program. If you want an rpm package, I have built one for Fedora 10 which can be downloaded here
The installation procedure is quite simple.
Note: In executing ./configure, you need the parameter --prefix= otherwise the whole package will be installed in /usr/local/ which is not the default directory in Fedora 10.
After installation, you need to edit /etc/dansguardian/dansguardian.conf before you can start it:
DansGuardian uses 'ukenglish' as the default language. If you are using a different language, you need to change the configuration in /etc/dansguardian/dansguardian.conf to the language you need. For example, if you want to use Traditional Chinese as your language, change: language = 'chinesebig5'.
Now, DansGuardian's installation is finished. To start the program:
1. To ensure that DansGuardian is started during boot:
chkconfig dansguardian on
2. Manually start DansGuardian:
service dansguardian start
DansGuardian is now running and is using port 8080.
And that's the problem. Squid is using port 3128. The computers used by the students are configured to connect to squid which means connect to port 3128. In this kind of configuration, DansGuardian becomes useless. The computers used must be configured to use port 8080 in order to use DansGuardian.
There are two solutions to this problem:
The first solution is to re-configure all the computers to connect to port 8080. This is a tall order and therefore not ideal.
The second solution is not to re-configure the computers to connect to port 8080, but rather "fool" the computers. The computers used by the students continue to connect to port 3128, but in reality they are automatically connected to 8080. How to "fool" these computers? Very simple, use iptables.
iptables is usually used in a firewall. But our proxy server does not use a firewall. It really does not matter. We can still use iptables, nevertheless.
We can use iptables for redirection. To redirect all tcp connections from port 3128 to port 8080, execute the following:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 3128 -j REDIRECT --to-port 8080
And that's it!
Fr. Visminlu Vicente L. Chua, S.J.
2005/03/18
Updated: 2008/12/04