Caros, Segue abaixo o meu dansguardian.conf:

# DansGuardian main configuration, as posted to the mailing list.
# The poster trimmed many of the stock comments, so some explanations below
# are partial; notes marked NOTE(review) are observations to be confirmed
# against the installed DansGuardian version.

# Comment out this line to mark the file as configured.
#UNCONFIGURED - Please remove this line after configuration

# Reporting level. 3 = use the HTML template for denied accesses.
reportinglevel = 3

# Directory holding the language files.
languagedir = '/etc/dansguardian/languages'

# Language in use.
language = 'portuguese'

# Log level: 0 = none, 1 = denied only, 2 = all accessed, 3 = all requests.
# NOTE(review): at level 3 access.log holds the browsing history of every
# client; keep the log readable by administrators only and define a
# retention period.
loglevel = 3

# 2 = always log & mark exceptions (default)
logexceptionhits = 2

# Log file format. 1 = default format.
logfileformat = 1

# Location of the log file.
loglocation = '/var/log/dansguardian/access.log'

# Address DansGuardian listens on (the original note described this as
# "IPs filtered individually").
# NOTE(review): the value is empty; in the stock file an empty filterip means
# "listen on all addresses" - confirm. If so, restrict who can reach
# filterport with the host firewall so the filter cannot be used as a proxy
# from unintended networks.
filterip =

# Port DansGuardian listens on.
filterport = 8080

# Address of the upstream proxy (squid); here it runs on the same host.
# NOTE(review): if squid also accepts connections from other hosts, clients
# can skip the content filter by talking to squid directly - verify squid's
# listen address and ACLs.
proxyip = 127.0.0.1

# Port of the upstream proxy (squid).
proxyport = 3128

# URL shown for denied accesses.
# NOTE(review): still the stock placeholder host name; presumably unused
# while reportinglevel = 3 (HTML template) - confirm before changing the
# reporting level.
accessdeniedaddress = 'http://YOURSERVER.YOURDOMAIN/cgi-bin/dansguardian.pl'

# Default is enabled, but to go back to the standard mode, disable it.
nonstandarddelimiter = on

# Use the DansGuardian replacement image for banned images.
# on (default) | off
usecustombannedimage = on
custombannedimagefile = '/usr/share/dansguardian/transparent1x1.gif'

# Number of filter groups in use (the original note says up to 9 can be
# created).
filtergroups = 1

# File that assigns users or IPs to filter groups; IP ranges can also be
# assigned.
filtergroupslist = '/etc/dansguardian/lists/filtergroupslist'

# IPs with no access.
bannediplist = '/etc/dansguardian/lists/bannediplist'

# IPs with unrestricted access.
# NOTE(review): entries in this list are not filtered at all; keep the list
# short and review it periodically.
exceptioniplist = '/etc/dansguardian/lists/exceptioniplist'

# Show the weighted phrases found (comment truncated in the original post:
# "... high enough, reported"). on | off
showweightedfound = on

# 2 = on, singular = each weighted phrase found only counts once on a page.
weightedphrasemode = 2

# URL cache settings (no comments were kept for these in the original post;
# presumably number of cached URLs and their maximum age - confirm units).
urlcachenumber = 1000
urlcacheage = 900
scancleancache = on

# 2 = both of the above (default); the modes being combined were trimmed
# from the original post.
phrasefiltermode = 2

# 0 = force lower case (default)
preservecase = 0

# off = disabled (default)
# on = enabled
hexdecodecontent = off

# off (default) | on (Big5 compatible)
forcequicksearch = off

# Comment truncated in the original post ("... bannedsitelist file instead").
reverseaddresslookups = off

# Comment truncated in the original post ("... leave it off").
reverseclientiplookups = off

# Comment truncated in the original post ("... enabling this option does not
# incur any additional forward DNS requests").
logclienthostnames = off

# Comment truncated in the original post ("... be significant. Fast computers
# do not need this option"). on | off
createlistcachefiles = on

# Upload size limit; use -1 for no blocking. The two commented-out lines are
# alternative values left in by the poster.
# NOTE(review): with -1 uploads are not limited by the filter.
#maxuploadsize = 512
#maxuploadsize = 0
maxuploadsize = -1

# The size is in Kibibytes - eg 2048 = 2Mb
# use 0 to set it to maxcontentramcachescansize
maxcontentfiltersize = 256

# use 0 to set it to maxcontentfilecachescansize
# This option may be ignored by the configured download manager.
maxcontentramcachescansize = 2000

# The size is in Kibibytes - eg 10240 = 10Mb
maxcontentfilecachescansize = 20000

# Directory for cached files (comment truncated in the original post:
# "... RAM cache").
# NOTE(review): /tmp is normally world-writable; a dedicated directory owned
# by the DansGuardian user avoids other local users interfering with the
# temporary files - confirm how the daemon creates them.
filecachedir = '/tmp'

# on|off (defaults to on)
deletedownloadedtempfiles = on

# This may be ignored by the configured download manager.
initialtrickledelay = 20

# This may be ignored by the configured download manager.
trickledelay = 10

# Download manager plugins.
# NOTE(review): the key is repeated on purpose as far as this file shows;
# DansGuardian presumably tries the managers in the order listed, so the
# order is kept as posted - confirm.
downloadmanager = '/etc/dansguardian/downloadmanagers/fancy.conf'
downloadmanager = '/etc/dansguardian/downloadmanagers/default.conf'

# The default of 60 seconds is probably reasonable.
contentscannertimeout = 60

# (on|off) default = off
contentscanexceptions = off

# This plugin must be enabled for user names to appear in the DansGuardian
# log.
# NOTE(review): presumably the user name is taken from the proxy
# authentication header of each request; clients that are not explicitly
# configured to use a proxy normally do not send it, and basic credentials
# are only encoded, not encrypted - confirm both points for this deployment.
authplugin = '/etc/dansguardian/authplugins/proxy-basic.conf'

# Defaults to off.
recheckreplacedurls = off

# Important: must be enabled so that client IPs are passed on to squid.
# NOTE(review): unless squid removes or rewrites the header (see squid's
# forwarded_for directive), internal client addresses are also disclosed to
# external web servers.
forwardedfor = on

# Warning - headers are easily spoofed. on | off
# Leave off unless every request arrives through a proxy you control.
usexforwardedfor = off

# Comment truncated in the original post ("... it on or off").
logconnectionhandlingerrors = on

# Comment truncated in the original post ("... useful in production").
logchildprocesshandling = off

# On large sites you might want to try 180.
maxchildren = 120

# On large sites you might want to try 32.
minchildren = 8

# sets the minimum number of processes to be kept ready to handle connections.
# On large sites you might want to try 8.
minsparechildren = 4

# sets the minimum number of processes to spawn when it runs out
# On large sites you might want to try 10.
preforkchildren = 6

# sets the maximum number of processes to have doing nothing.
# When this many are spare it will cull some of them.
# On large sites you might want to try 64.
maxsparechildren = 32

# On large sites you might want to try 10000.
maxagechildren = 500

# Comment truncated in the original post ("... browse the web").
# Set to 0 for no limit, and to disable the IP cache process.
maxips = 0

# Defines IPC server directory and filename used to communicate with the log process.
# NOTE(review): this and the two IPC files below use fixed names in /tmp;
# a directory writable only by the DansGuardian user is safer on a host with
# other local accounts - confirm the packaging default.
ipcfilename = '/tmp/.dguardianipc'

# Defines URL list IPC server directory and filename used to communicate with the URL
# cache process.
urlipcfilename = '/tmp/.dguardianurlipc'

# Defines IP list IPC server directory and filename, for communicating with the client
# IP cache process.
ipipcfilename = '/tmp/.dguardianipipc'

# on|off (defaults to off)
nodaemon = off

# Disable logging process
# on|off (defaults to off)
nologger = off

# Enable logging of "ADs" category blocks
# on|off (defaults to off)
logadblocks = off

# Enable logging of client User-Agent
# Some browsers will cause a *lot* of extra information on each line!
# on|off (defaults to off)
loguseragent = off

# on|off (defaults to off)
softrestart = off

# Mail program
# Path (sendmail-compatible) email program, with options.
# Not used if usesmtp is disabled (filtergroup specific).
mailer = '/usr/sbin/sendmail -t'

Att. Leandro Moreira.
2009/11/19 Marcelo <msala...@gmail.com>

> Leandro,
>
> posta o seu dansguardian.conf
>
>
> Abraços,
> Marcelo
>
> Leandro Moreira wrote:
> > Caros,
> > A minha rede tem a seguinte topologia
> >
> > # --------- # # -------------- # # -------------------- #
> > # LAN # ----> # FW DMZ # -----> # FW BORDA #
> > # --------- # # --------------- # # -------------------- #
> > |
> > |
> > # --------------------------------------- #
> > # PROXY/DANSGUARDIAN #
> > # --------------------------------------- #
> >
> > Instalei e configurei o dansguardian, ao setá-lo manualmente no
> > navegador, funciona sem problemas. Então criei um NAT no firewall de
> > borda para enviar todas as requisições da porta 80 para o servidor com
> > o dansguardian:
> >
> > iptables -t nat -A PREROUTING -i ! eth0 -s ! 172.20.0.30 -p tcp -m
> > multiport --dport 80 -j DNAT --to-destination 172.20.0.30:8080
> > <http://172.20.0.30:8080>
> >
> > Ao ativar o nat a internet simplesmente para, então fiz o mesmo nat
> > para o proxy que se encontra na mesma maquina e funcionou normalmente.
> > Ainda estou com o dansguardian basicão apenas com as blacklist padrões
> > dele, o que mais me intriga é que ao redirecionar o NAT acima pro
> > squid a navegação ficou normal.
> > Alguém já passou por esse tipo de problemas, agradeço desde já ajuda.
> >
> > PS.: 1- Não é problema de hardware, pois o servidor é um poweredge com
> > placa gigabit.
> > 2- Já discuti com o gerente de "projeto" pois queria fazer
> > essa solução usando bridge e ele não aprovou.
> >
> > Att.
> >
> > --
> > Leandro Moreira
> > Linux Administrator: LPIC-1
> > e-mail/msn: lean...@leandromoreira.eti.br
> > <mailto:lean...@leandromoreira.eti.br>
> > Tel.: + 55(32) 9906-5713
>

--
Leandro Moreira
Linux Administrator: LPIC-1
e-mail/msn: lean...@leandromoreira.eti.br
Tel.: + 55(32) 9906-5713