Parental Control at Router Level - for Wifi Only

Alan666

Can someone advise as my goal is:

To Restrict sites based on keywords (preferably) Or failing that actual sites/URLs but preferably keywords That will only take effect over the home Wifi Network That doesnt effect a PC physically connect via Cat5

Dont want to impose restrictions at device level, so must be done at router level and wifi only.

Hardware spec is:
Motorola Netopia (Eircom) Model 2247-62 Running SW version 7.8.2r2

Do I need to buy a specific Modem with the facility built in, or perhaps specialised Software? Or will a combination of existing modem and/or software do the job?

Thanks in advance

Torqay

The easy way out? Setup an OpenDNS account and configure the router accordingly.

You can easily bypass this on "a PC physically connect via Cat5" by changing the local DNS to another service, say Google's public DNS server.

PogMoThoin

Not possible with that router, check out OpenDns adult content filtering (easy enough to get around if they have administrator accounts on the pc's or using smartphones)

Alan666

Thanks a mill for such a speedy reply Torquay, one questions as Im somewhat of a newb, the first part I get but your line " You can easily bypass this on "a PC physically connect via Cat5" by changing the local DNS to another service, say Google's public DNS server. " Im not entirely sure what you mean by this? Would you mind simplifying? Cheers

Torqay

Well, by default your devices will obtain their DNS server settings automatically from the router (which will filter everything through OpenDNS).

If you change the DNS settings on the computer manually to use Google DNS (8.8.8.8 and 8.8.4.4) it will not be affected by the restrictions imposed by the OpenDNS server.

PogMoThoin

Only admin accounts on PC will be able to change DNS settings (so don't give them one) but there isn't much you can do to restrict changes on a smartphone.

DoesNotCompute

+1 on the OpenDNS idea.

With regard to not having filtering enabled on the wired CAT5 connections, set the access point to get it's DNS settings from OpenDNS. On the client PCs/laptops, set the wifi connections to get their DNS records from the access point. Then go to the network adapter card's properties and set it to get it's DNS records from a public DNS server (e.g. your ISP's DNS server, Google, etc). That way your wired connections aren't filtered/restricted, but your wifi connections are.

Torqay

PogMoThoin wrote: »

Only admin accounts on PC will be able to change DNS settings (so don't give them one) but there isn't much you can do to restrict changes on a smartphone.

If they know where to look.

Of course this method is far from being bulletproof. If you want to run a really tight ship, set up a spare computer as a state-of-the-art firewall/VPN router (e.g. with Viatta), but this requires time, money and indeed a certain degree of knowledge.

Alan666

Thanks guys, just tried OpenDNS, one of the significant down sides is its wide categorisation of whats in/out of scope (I had it set to low = Porn and Proxy sites, and Boards got blocked. A little too ambigious.

Im really looking to block based on keywords, but it looks like from my research this can not be done at the router level and could only be dont at the actual laptop level.

Alan666

One last point, does anyone therefore know is it possible to enable something like a Syslog so my router captures activity to show me what sites are being visited? Would a firmware update or something provide me with this functionality-again much thanks for everyones help this far, its very much appreciated.

riclad

See http://www1.k9webprotection.com/ install this on the pc,
Set up guest account on childrens pc, use admin account to set ,filter on internet explorer,browser,content settings,to block adult websites.
Put password on browser,settings, password on k9,
something like,
A123yuRR77k ie mixture ,no,letters that cant be guessed.
http://www.ehow.com/how_6817633_disable-private-browsing.html
stop private browsing mode, i,m assuming guest ,user, cant install another browser,
unless they know the administrator password.
see http://www.tomshardware.co.uk/forum/24303-35-temporary-internet-files

I think this keeps a list of visited sites, unless a pc user deletes those files.
A router has no hardrive,
it just has enough space to store the settings ,eg wifi channel, mac adress, proxy settings, etc
to enable it to connect to the isp,and to broadcast the wifi signal.
I think k9 filter ,uses keywords, plus a list of known bad websites to do its job
IT probably has a whitelist, where you can put in known safe websites,
eg boards.ie and a password, which you can put in to deactivate it,
temporarily switch it off, when you are using the pc.

BostonB

k9 only works for one device. He want to do it at the router level for all devices. So it would work for consoles, TV, phones, tablets etc.

Routers can be used to keep logs. I think you can get around the limited storage on the router by forwarding the log to a machine on the network. probably can't do this with the stock firmware, you might to install an open firmware like OpenWRT or similar.

http://superuser.com/questions/272294/how-to-log-connections-in-openwrt

ED E

Hi Alan,

The 2247 is a barebones unit and cant give you the kind of filtering you want(as you've discovered). There are two solutions I'd suggest.

A: Easy way
Buy a new router. Something like the link below. This will give you more control. You could keep the 2247 going as is but change the wifi key, then set up the WNDR as a new AP(disable DHCP, its one click) for the kids with a different key. Then you'd set up rules on that, eg: 9AM-10:30PM filtering of keywords, 10:30PM to 9AM Block all(If you want to stop them going online at night under their bedcovers). IIRC you could even give the older child(say you have a 15yo and a 10yo, the 15yo might want more leeway) have an override by setting up users to allow them a little more access/later "bed" time.

Adults connect to the 2247 as normal and have no issues, wired or wireless.
http://www.netgear.com/home/products/wirelessrouters/high-performance/wndr3400.aspx

B: Making a project of it

If you wanted to be really OCD about control and limit everything to the bit, then PFSense is your thing. TBH from your posting its above your level but if you were willing to learn and interested you might enjoy tweaking things to exactly how you want them. There are guides out there too to help you along.

What you need:
An old PC
A wireless card for it(About a tenner from amazon)
Time

Basically what you do is set that PC up as a gateway/firewall/access point all in one. Its what I'd class as bridging the gap between home and enterprise setups. But it comes with a downside, while free, its complicated as I've said. Upside is insane amounts of control and protection.


You'll probably want to go A though :P

riclad

Maybe for the moment ,install,k9, use password .eg as788,
when you are using the pc,click icon,in system tray,switch off k9,enter password ,takes a few seconds.
I,m NOt saying getting a new router /old pc is a bad idea.
You could install this on the pc,with guest account,
http://www.kidzui.com/ kids browser.
I understand k9,does nothing re filtering tablets, mobile devices.

BostonB

Interesting. Anyone used those parental controls?

http://www.netgear.com/lpc#three

ED E

BostonB wrote: »

Interesting. Anyone used those parental controls?

http://www.netgear.com/lpc#three

Have them but no kids in the house. Can test anything if people want.

I know that the AVM FRITZ!Box routers will do exactly what you're looking for, I have one myself. I used to work for their Irish distributor (which is why I didn't usually plug them in the past) but they closed down last year so I don't know where you can get them anymore. I'm sure there's others out there that are more readily available but I've no experience with them.

You can enable filtering on a per-device basis.

BostonB

ED E wrote: »

Have them but no kids in the house. Can test anything if people want.

TBH I dunno. So far I've just disabled wifi on individual devices as required. But its becoming a pain. Being able to give different access to different users on different devices, at different times would be ideal. I was thinking of setting up two routers one with US IP for US TV content. That's kinda of a different subject. Once the kids start using a Smart TV to get around your blocks on other devices, you kinda need to up your game.

Torqay

DD-WRT also features keyword blocking, all you need is a compatible router.

Alan666

Thanks guys, this is Really helpful! And hopefully helpful to others too. Boston is right, I wanted to do it at Routher level (to capture all connected devices). The delicate situation is that I needed something that didnt touch the devices (so that means no installs on connected devices) so it would be pretty covert from the Router. There are certainly some great suggestions here and perhaps the new router wil be the penultimate solution for what Im after.
For now, OpenDNS is offering some help, but reading their list of Domains in the stats is a nightmare as it logs every single popup ad etc as a URL so very time consuming. Thanks again all!