On Mon, Nov 16, 2009 at 8:51 PM, Brian <bbayorg...@charter.net> wrote: > Trying to configure my gateway box running FBSD 7.2 to provide content > filtering services for some or all clients on a my network. > > The box is configured with natd and running IPFW. I like this combination > and have been using it successfully for years. Not real interested to > changing to squid or pf or whatever else may be known (or better documented) > to work with dansguardian.
Dansguardian does not do any pages fetches on its own, it just scans pages returned by a proxy server. You cannot run Dansguardian without some kind of web proxy server. By default, the port will install Squid, but it has been shown to work with TinyProxy. > Dansguardian seems to be the preferred option for content filtering as near > as I can tell. There is lots of documentation out there for configuring > dans with squid. I can't find much of anything for IPFW / NAT > > So, the question is, can this be done? I've seen one or two suggestions out > there giving a brief description of how to use the fwd command to send > packets to dans but unfortunately I am not smart enough to implement that > here. You can use IPFW to fwd packet to Dansguardian quite easily: ipfw add fwd 127.0.0.1:8080 tcp from $local_subnet to any 80 in recv $local_nic ipfw add allow tcp from me to any 80 out xmit $public_nic ipfw add allow tcp from any 80 to me in recv $public_nic established The first rule redirects all HTTP traffic from the local subnet to Dansguardian. Dansguardian will then pass the packets off to a local install of Squid (uses 127.0.0.1:3128 by default). Squid will then connect out to the remote web server to grab the pages (the next two rules). You *MUST* have a web proxy server installed somewhere, that Dansguardian will forward the requests to, and receive the responses from. -- Freddie Cash fjwc...@gmail.com _______________________________________________ freebsd-ipfw@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"
