Mine is up and running, but I have to manually put the dansguardian port in the web browser as a proxy server. I do not have it working for transparent squid
As you can see, most of the settings are default. These are the Dansguardian settings. (I hope you can read this). Daemon Listening Settings Enable dansguardian I agree with dansguardian Terms and Conditions. <http://dansguardian.org/?page=copyright2> Listen Interface(s) Default: LAN/loopback Select interface(s) that you want to dansguardian listen on. Listen port Default: 8080 The port(s) that DansGuardian listens to. Daemon Options Daemon Options. Default values are in ( ) Min/Max Children Default: 8/120 Sets the minimun and maximum number of processes to spawn to handle the incoming connections. Max value usually 250 depending on OS. On large sites you might want to try 32/180. Min/Max Spare Children Default: 4/32 Sets the minimum and maximun number of processes to be kept ready to handle connections. On large sites you might want to try 8/64. Prefork Children sets the minimum number of processes to spawn when it runs out On large sites you might want to try 10 Max Age Children Default: 500 Sets the maximum age of a child process before it croaks it. This is the number of connections they handle before exiting. On large sites you might want to try 10000. Max Ips Default: 0 Sets the maximum number client IP addresses allowed to connect at once. Use this to set a hard limit on the number of users allowed to concurrently browse the web. Set to 0 for no limit, and to disable the IP cache process. Parent proxy Settings Proxy IP Default: 127.0.0.1 Sets ip address for proxy server(usually squid). Proxy Port Default: 3128 Sets port number for proxy serve General Config Settings Auth Plugins This option handle the extraction of client usernames from various sources, such as Proxy-Authorisation headers and ident servers, enabling requests to be handled according to the settings of the user's filter group Scan Options Scan options. Default values are in ( ) Weighted phrase mode IMPORTANT: Note that setting this to "0" turns off all features which extract phrases from page content, including banned & exception phrases (not just weighted), search term filtering, and scanning for links to banned URLs. Lower casing options When a document is scanned the uppercase letters are converted to lower case in order to compare them with the phrases. However this can break Big5 and other 16-bit texts. If needed preserve the case. Phrase filter mode Smart, Raw and Meta/Title phrase content filtering options Smart is where the multiple spaces and HTML are removed before phrase filtering Raw is where the raw HTML including meta tags are phrase filtered Meta/Title is where only meta and title tags are phrase filtered (v. quick) CPU usage can be effectively halved by using setting 0 or 1 compared to 2 Url cache number Positive (clean) result caching for URLs Caches good pages so they don't need to be scanned again.It also works with AV plugins. 0 = off (recommended for ISPs with users with disimilar browsing) 1000 = recommended for most user 5000 = suggested max upper limit If you're using an AV plugin then use at least 5000. Url cache age Age before cache are stale and should be ignored in seconds 900 = 15 mins(recommended) 0 = never SSL man in the middle Filtering CA Warning: Invalid argument supplied for foreach() in /usr/local/www/pkg_edit.php on line 560 Select Certificate Authority to use when SSL filtering is enabled on Group options To create a CA on pfsense, go to system -> Cert Manager Cert Select Certificate pair to use when SSL filtering is enabled on Group options To create a Certificate on pfsense, go to system -> Cert Manager Content Scanner Content Scanners (antivirus) Content Scanners options. Default values are in ( ) freshclam frequency Default:Every day Select how often pfsense will update clamd virus database Content scanner timeout Default is 60 Some of the content scanners support using a timeout value to stop processing (eg AV scanning) the file if it takes too long. If supported this will be used. The default of 60 seconds is probably reasonable. Content scan exceptions If 'on' exception sites, urls, users etc will be scanned. This is probably not desirable behavour as exceptions are supposed to be trusted and will increase load. Correct use of grey lists are a better idea. ICAP URL Enter ICAP URL in icap://icapserver:1344/avscan format Use hostname rather than IP address and Always specify the port Misc settings Misc Options Misc options. Default values are in ( ) In squid from top to bottom I have selected (squid won't paiste for some reason) Proxy Interface: LAN and Loopback Allow users = checked Blank until Enable Logging Enable logging = checked Log store = /var/squid/logs Log rotate = 90 Proxy port = 3128 ICP port = (blank) Visible hostname = localhost Anministrator email = admin@localhost Language = English X-Forward = no check Disable Via = no check Strip The rest is blank Upstream Proxy is totally blank and I am using no authentication for now. This may not be the best settings. If anyone has any suggestion, please let me know. I always look for ways to do things better.
_______________________________________________ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
