Archive for the ‘SysAdmin’ Category

Content filtering with DansGuardian

January 3, 2007

I finally got content filtering fully configured for my home network. I’m using DansGuardian + squid for the filtering, and the setup process was extremely smooth and easy (ubuntu breezy badger):

% apt-get install dansguardian

I already had squid running and tested, and DansGuardian just plugs right in. I had to change my WPAD proxy config (/wpad.dat) from this:

return "PROXY 192.168.1.10:3128; DIRECT";

to this:

return "PROXY 192.168.1.10:8080; PROXY 192.168.1.10:3128; DIRECT";

And it just worked — all the other machines in the network automatically got the new filtering. I also customized the ‘access denied’ html template a bit, in /etc/dansguardian/languages/template.html

Advertisements

dnsmasq for local DNS service

December 27, 2006

I need to implement proxy filtering in my home network, to protect my family as my kids start to use the internet more. The first thing I need to make this work is local DNS service within my LAN, since all the other hosts on the network will be blocked from direct access through the router.

Easy solution: dnsmasq on my debian(ubuntu)-based server. Very easy to install:

% sudo apt-get install dnsmasq

This installs and configures the local DNS server, and sets it up to always run on the machine as a system service. A little bit of manual configuration is required as well: /etc/resolv.conf has the real nameserver addresses

search hsd1.co.comcast.net.
nameserver 68.87.85.98
nameserver 216.148.227.68
nameserver 204.127.202.4

And then I also put all the aliases for local machines into /etc/hosts

192.168.1.10 diener
192.168.1.100 doingo dad
192.168.1.101 velum vellum
192.168.1.200 gulliver boys

That way, all of the local network machines can resolve each other via this local DNS, and I don’t have to maintain /etc/hosts on each one.

Once the server (diener) is setup, all the other hosts on the network have to be configured to point to diener for DNS.  Currently everything is configured with static IP & DNS; dnsmasq also supports DHCP, and I need to still investigate using that for some hosts.