Running a DansGuardian filter on the entire network

1

I'm looking to run DansGuardian on my home network via a server machine I'm building. Before I build the server, I need to know whether or not I need two dedicated gigabit LAN ports or one on the machine.

I'm not sure how to run the server. Should it be part of the network or above the network between the router and the modem?

For example, before the router:

                             |-[COMPUTER_1]
[INTERNET]-[FILTER]-[ROUTER]-|-[COMPUTER_2]
                             |-[COMPUTER_X]

Or after the router:

                    |-[COMPUTER_1]
[INTERNET]-[ROUTER]-|-[COMPUTER_2]
                    |-[COMPUTER_X]
                    |-[FILTER]

In solution one above, I'd need two gigabit LAN ports, one connected to the internet and the other to the router. I'd also have to figure out how to run all traffic between the two ethernet interfaces.

In solution two above, I'd only need one gigabit LAN port, but I'd need to find a way to forward internet traffic through the filter from the router. The goal here is that the entire network is seamlessly filtered through DansGuardian.

I'll be running Ubuntu Server on the machine. I'm not sure how to set something like this up, so could someone recommend the steps I should take and the setup I should have? From time to time, I'd need to SSH into the filter machine, and I'm not sure if that's possible if the filter is behind the router.

Naftuli Kay

Posted 2011-09-28T03:40:36.393

Reputation: 8 389

Answers

0

The way Dansguardian works you don't have to have two NICs. In a standard installation DG acts as a proxy on your server on port 8080 and so if you set up all the Web clients to run via the proxy on yourserveraddress:8080 things will 'just work'.

Mind you, this configuration makes it easier for someone 'in the know' to bypass the proxy unless other filtering/blocking is put in place.

Linker3000

Posted 2011-09-28T03:40:36.393

Reputation: 25 670

That's exactly the problem. I need ALL web content filtered with no intervention from a client's point of view. Often there will be phones and other devices using the network and I want them to be filtered, all without having to configure them individually. Can this be done? – Naftuli Kay – 2011-09-28T18:01:35.423