dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
3380
share rss forum feed

swbrains

join:2004-04-14
Land O Lakes, FL

Router with parental controls

Does anyone have a recommendation for a router that would has parental controls/access restrictions such that I can configure it to block all web sites except for a set of whitelisted sites that it should allow?

I checked my Linksys E4200 (V2) as well as DD-WRT and both only seem to allow me to list a finite number of sites to block rather than the other way around. My E4200 is even more limited in that it only allows one restriction rule.

Thanks!

rabeatz

join:2012-11-26
Winter Springs, FL

2 edits
Your solution is going to be a mix of router settings and DNS. Hardcode and force a parental control DNS service in your router. Open DNS has a free and Paid ($20/year) service available for home use. It blocks based on "Category"... but it does have a Whitelist. So you could select ALL the categories as blocked, and then add allowed sites to your whitelist.

»www.opendns.com/parental-controls

You could also a dynamic DNS domain to ensure that your settings remain the same if the IP address of the modem/router changes.

rabeatz

join:2012-11-26
Winter Springs, FL
If you're using DD-WRT you can use a script that forces any client to use that DNS, so if you have a tech savvy person on the network they can't change their DNS server to bypass it.

rabeatz

join:2012-11-26
Winter Springs, FL
Here's the script to do that in DD-WRT:
»emtunc.org/blog/05/2011/force-dd···queries/

Or, if you want to get really complicated, there's a method to force specific IPs/groups of IPs to use the open DNS while allowing other IPs to use their own DNS, thus being unfiltered.
»www.dd-wrt.com/phpBB2/viewtopic.···=#310196

rabeatz

join:2012-11-26
Winter Springs, FL

1 edit
After further reading though, it looks like selecting all the categories in OpenDNS does not effectively block EVERYTHING. So if you're looking to truly block everything except the sites you want, it won't be the answer.

Your last option for router level settings would be configuring the IPTABLES to do what you want, which would be completely possible but requires custom coding.

See:
»www.dd-wrt.com/phpBB2/viewtopic.php?t=56588
»www.dd-wrt.com/wiki/index.php/Iptables

If that's too difficult, to my knowledge, your only options would be changes to the physical machines you want to make the blocks on. There are a couple other DNS content filtering sites that are free as well, but from what I see, they also use the CATEGORY method.

Set up Windows Family Safety and use the parental controls on that computer
»windows.microsoft.com/en-US/wind···programs

or
Edit the HOSTS file in Windows - point everything to 127.0.0.1 and add a line for each website that you want to allow.


Markmiller

@sterlingstudents.net
reply to swbrains
I suggest that you look for a complete software solution. I personally use Qustodio. Its free, light weight and easy to use. There are a few cool features too like the extensive reporting feature that let's you view the data for the past 30 days. You can also watch the profile pictures of accounts on Facebook. You can download it here www.qustodio.com


BHNtechXpert
BHN Staff
Premium,VIP
join:2006-02-16
Saint Petersburg, FL
kudos:151
reply to swbrains
Software solutions are not optimal and can be easily defeated by your average child with access to google. The best solution will be hardware based and will include placement of the hardware in a location inaccessible by the child (including the modem).

rabeatz

join:2012-11-26
Winter Springs, FL
I've always found Open DNS's content filtering (when forced using a script in the router so it can't be bypassed on a computer by changing their DNS servers) to be very effective, however it doesn't appear to give the level of control that the OP is looking for. I'm sure whatever hardware device is doing it is making changes through IP tables, but other devices provide a GUI for the changes instead of manually scripting it in DD-WRT.

I've got some stuff on my server rack in the office that would do what the OP wants to do, but it probably isn't within his budget.

rabeatz

join:2012-11-26
Winter Springs, FL
The "Web Filter Lite" on Untangle would accomplish what he's looking for, but he'd have to either purchase an untangle device (cheapest one is $995) or convert a computer to an Untangle server (the software is free) and put it behind a switch or router. If he had an old computer laying around he didn't need anymore it could be a possibility.

I don't know the poster's technical expertise level so I don't know if this would be easy for them or above their head.

»www.untangle.com/untangle/how-to-deploy/

»wiki.untangle.com/index.php/Web_···_ones.3F


BHNtechXpert
BHN Staff
Premium,VIP
join:2006-02-16
Saint Petersburg, FL
kudos:151
reply to swbrains
Being the geeky kind of guy I am I'm seriously thinking about deploying one of these Untangle setups on my own hardware just to check it out and see if this is a reasonable solution for people. What are folks thoughts about my creating a dedicated thread we can call it "The Untangle Project" where we could discuss all aspects of the hardware, deployment, operation etc...

rabeatz

join:2012-11-26
Winter Springs, FL
I run untangle on a "rackable solutions" server for my office. Makes VPN setup really easy as well. A shame there isn't a version that could run on DD-WRT!

bighorn1

join:2004-06-19
Bakersfield, CA
kudos:1

2 edits
reply to swbrains
said by swbrains:

Does anyone have a recommendation for a router that would has parental controls/access restrictions such that I can configure it to block all web sites except for a set of whitelisted sites that it should allow?

I checked my Linksys E4200 (V2) as well as DD-WRT and both only seem to allow me to list a finite number of sites to block rather than the other way around. My E4200 is even more limited in that it only allows one restriction rule.

Thanks!

Zyxell USG series (50 and above. Not sure about 20) has content filtering.

You can use custom filtering where you can create lists of trusted and forbidden web sites. (it has option to use pay subscription services such as BlueCoat or Commtouch, if that's your thing)

You can easily add whole bunch to forbidden web sites with usage of wildcards (*.com or even *.*).

You can add exclusion to your filter with trusted sites list or you just use the option to allow traffic to trusted sites only (no need for forbidden sites list in this case).

Furthermore, you can refine your filter with choice of selective blocking of Java, ActiveX, cookies and Web proxies.

You can set the message displayed when users try to access forbidden sites, or setup redirect to one of trusted sites.

And of course you have choice of various logging options.

Edit:
Forgot to add that you can specify scheduling (specific times when filtering is active) and you can also apply filtering for specific subnets, machines or users.


BHNtechXpert
BHN Staff
Premium,VIP
join:2006-02-16
Saint Petersburg, FL
kudos:151
reply to swbrains
...


JeffMD

join:2002-08-16
Edgewater, FL
kudos:1
reply to swbrains
I was thinking you would need one of the more expensive routers that support like an outside whitelist or is controlled by a program, but I really dig that openDNS approach. I also like how they have a pre-configured family "no adult" block that is maintenance free. I will certainly have to remember this anytime I am asked about securing a network for children.


BHNtechXpert
BHN Staff
Premium,VIP
join:2006-02-16
Saint Petersburg, FL
kudos:151
reply to swbrains
It works great to be honest with you. Until I installed my own DNS server locally it was awesome and kept family and guests from getting into trouble.


NormanS
I gave her time to steal my mind away
Premium,MVM
join:2001-02-14
San Jose, CA
kudos:12
Reviews:
·SONIC.NET
·Pacific Bell - SBC
reply to BHNtechXpert
said by BHNtechXpert:

Being the geeky kind of guy I am I'm seriously thinking about deploying one of these Untangle setups on my own hardware just to check it out and see if this is a reasonable solution for people. What are folks thoughts about my creating a dedicated thread we can call it "The Untangle Project" where we could discuss all aspects of the hardware, deployment, operation etc...

If you do, consider the "Networking" forum. This sounds like something that would be of generic interest to all cable and DSL users, not just BHN.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum