How to set up Dan’s Guardian At Home, Geek Edition
Posted by Elf Sternberg as Linux
I recently had the opportunity to set up Dan’s Guardian at home. The assumptions of this article are that you have access to a basic Linux or Macintosh computer somewhere, something small and old that you don’t need anymore. The basic idea here is that you’re going to build a passthrough filter and put it in front of your children’s computer as a gateway.
The inside of my house uses a subnet of 10.10/24. That means that although my allocated address from my ISP is some set IP number, all of the machines inside my house share that number and use some other number for their own identity in the 10.10/24 address range. The router machine I use is a Pentium MMX, a computer that’s over ten years old, with 32MB of memory and a 4GB hard drive. It has two network cards: one plugs into the wire coming from my ISP, and the other plugs into the wireless hub used by the rest of the household.
The setup I used is pretty simple. On the linux-based network router, I downloaded Dan’s Guardian and Squid, and on both I ran ./configure && make && make install.
When they were both installed, configuration is straightforward. The squid configuration file is in /usr/local/squid/etc. The one major change I made was to configure the http_port to include the host IP address for the inside subnetwork, to prevent people on the outside from getting in. This tells squid to only listen for communications coming from inside the house:
You might also want to tell squid were to send the logs and the cache. By default it uses /usr/local/squid/var, but I changed that to /var/log/squid and /var/cache/squid, as appropriate.
Once you’ve done that, it’s time to configure Dan’s Guardian. The configuration file will be in /etc/dansguardian. Edit the filterip and proxyip address to the same address you used above for squid. This will allow Dan’s Guardian to talk to squid, and to filter requests from the inside, but not the outside world.
/usr/local/squid/sbin/squid -f /usr/local/squid/etc/squid.conf /usr/sbin/dansguardian
Now, if you set your proxy server (Firefox -> Preferences -> Advanced -> Network) to 10.10.10.2, port 8080, and try to navigate to somewhere, er, “funny,” you should get a warning message.
Customizing the error message can be entertaining. The regular one looks too official for a household. My wife and I customized ours. The file to edit will be in /etc/dansguardian/languages, under your language of choice. If you want to include a photograph as I did, you’ll have to (1) install a small webserver to serve the images out, as Dan’s Guardian will not do it, and (2) explicitly put the address of the photograph in the template.html file, with the full http://<address_of_webserver>/image.jpg address. For this job, I chose thttpd.
I imagine there are all sorts of variations on this you can make: Use IPTables to make sure all HTTP traffic coming from the kid’s computer is filtered, so if they figure out how to disable the proxy they’ll still get the message; make a fully pass-through computer so you don’t have to put this on the household router in case you’re one of those unfortunates who buys cable; make the pass-through machine with a wireless card, so the kids can access the wireless network.
I also imagine if your kids are on a Mac (as mine are) you could build DG and Squid right into their computer, but I didn’t want to futz with a build environment under Mac OS X 10.3. The router was a fine place to put it.