Web filtering with Ubuntu, and Dans Guardian

OK, I have kiddies at home, kiddies that need not be exposed to some of the stuff on the net. Really it’s just too easy for them to wander off into the bushes and see stuff that a 7, 10 and 13 year old just doesn’t need to see.

Thus after much deliberation and investigation it was decided that Dansguardian was the way to go.

I initially installed the server version of feisty on an old laptop to give this a go.  It worked out OK, but the old laptop just didn’t have enough to keep things running smoothly for more than an hour. The lack of a GUI also made things a little more difficult when looking at the logs and stuff. (I was trapped in a 640×480 console environment and it just sucked).

So today I started over, again using the standard version of Ubuntu ‘Feisty edition’. If you’re using the server edition you can use this tutorial, which given it’s age has some pitfalls. Most notably you need to edit the firehol script to replace all instances of ‘%q’ with ‘%b’.

sudo gedit /lib/firehol/firehol (replace vi with you editor of choice) and replace all %q strings with %b.
This is documented in that thread somewhere toward page 7 I think.

After fumbling through that again, I figured there had to be a better way, and there is.

I opted for the Dansguardian/Web Content Filtering Only installer from the ‘Christian Edition’.

You still need to install ‘squid’ sudo apt-get squid

But after that it’s fairly painless. It also includes a pretty handy gui for tweaking the Dansguardian files.

The base network is set up like so:

Network

Items of note:

  • Not all computers are filtered, but anyone can be by using the proxy manually by configuring the browser to do so.
  • Computers I WANT to be filtered are forced to do so by the following:
    • They have DHCP reservations for both their ethernet address and through the wireless to get an IP that I want them to have.
    • DHCP also give them bad DNS info.
    • They can access printers and what not on the local network.
    • Any traffic that tries to get outside from these addresses is dropped by an Access list in the router.
    • To surf, their browsers must be configured to use the proxy .99 on my network, else they go nowhere.
  • Yes, this isn’t perfect
    • The easy end around on this is to change your IP, and hard-code it to a valid IP.
    • But my kids can’t do that (yet) and they aren’t admins on the machines that are forced to the proxy anyway.
  • I’m sure there may be other ways around it that I haven’t thought of, but for now this is working well.

Mo betta server hardware.

www.dishers.com has moved. The hardware that www.dishers.com was hosted on was an old 1ghz, AMD Athlon. It was the ‘stuff’ back in the day almost 10 years ago? It was originally my hot machine for playing Tribes!, (there’s 2 years of my life I’ll never get back).

But as we’ve gotten to the world of Internet 2.0 with graphically rich web sites, and more .php processing required for things like the gallery. It was time to move this site to something a little better. The box it’s on now is 3 years old, but it’s still about 4x the power (if not more) than the box that replaced it.

Things should be mo betta, and mo faster.

DNS’s around the world are updating as we speak. Life is good.

Question for the day.

When was the last time you backed up your personal machine?

Your home machine. You know the only place you have a copy of your finances (quicken), your precious family photos, and of course those all important tunes.

When was the last time? Did you check that your backup was good?

CD’s as much as we’d like them too, don’t last for ever. Backup often. You’ll never be sorry you had too many backups. You will be sorry when you don’t have one and you need it.

WordPress 2.0 RC-2

dishers.com is running the latest WordPress, WordPress 2.0 Release Candidate 2

wp-button-6.gif

Truely amazing software!, a few bugs to work out, AJAX a plenty, a pretty nifty WYSIWYG POST Editor, that still needs some work. But it’s chock full of sweetness.