I just finished setting up my home network (again) and thought to document what I did, why, and what needs to be fixed. It might help someone else who’s kids are fiendishly clever about avoiding safe network endeavors.
My Perfect System
What I really want is a kind of proxy server that manages all our inbound/outbound network traffic and enforces schedules per user, per traffic-type (netflix vs web, etc), and can require a password for some users to access specific kinds of sites. Parents either don’t need, or else know the password, kids don’t, voila. But I don’t have a computer running 24/7 to work as a proxy for my network, and don’t want to learn a system like squid to set it up if I did. Oh, and I want it to be free, and easy to manage.
So I’ve tried other things…
My first try… and third, is OpenDNS.org. Free for home users not wanting some extra features, and also built into some NetGear routers, it is basically a DNS lookup service that lets you create limits on what names are resolve-able. You can set it up per-network so all devices on your network use it, or you can set it up per user on some computers. It lets you show users a somewhat-customizable “fail” page when they try to reach a site specifically outlawed, or in a category that is outlawed (porn, video sharing, etc).
The problems are when you want exceptions for certain users. Network settings on Windows computers have proven to be rather “whole-machine” so I can’t exempt parents from youtube, even though I want my kids kept away – I swear, one more “Tobuscus” mention around here and I’ll hurt somebody.
The NetGear built-in option has an “exemption” system that loads in Windows to override the restrictive DNS settings for specific users, but a) It didn’t always work. b) No linux support. c) It was annoying.
I eventually quit using it, though the reporting features and limit concepts were nice, if not flexible enough for me. And by quit… I mean, I kept using it, but removed all the limits.
Norton Online Family
I have tried Norton’s Online Family setup and it works as long as your kids on are Windows machines with their own logins. It lets you limit their web access but not yours, to a point. But I’ve found that it crashes, or somehow kids get logged in without it running, and then it does no good. But it’s almost better than OpenDNS when it works, because it limits sites by blacklist or category, reports, sets time limits, etc. When kids run into a “Safety Dog” (that’s the mascot) page that rejects their access to some site, they can request an exemption – right there, and it gets emailed to me. Handy.
But the lack of linux, android, Nintendo DS, XBox support etc makes it a mere partial solution, and I’ve pretty much quit relying on it. I mean to uninstall it from my laptop and just keep forgetting. My kids use other devices to get around the limits anyway so they don’t even ask me about it popping up anymore. They’re clever. Argh.
This works sort-of because I bought a new router when the old one started flaking out, but wasn’t completely dead. Unfortunately, the old router isn’t supported by much open-source firmware that may have better control options, so I’m working with it as-bought.
My new router (an Asus RT-N66U) provides internet access through wireless networks without restriction. It has 4 wired ports that are all in use (desktop computer, phone adapter, networkable blu ray player that has no wifi, old router). This is the router that I run parent access, and internet-accessing equipment through – like the xbox, blu ray player, roku, etc.
The old router – a NetGear WNDR3700 (v2) is now plugged into the ASUS, so it’s like a child-network. I’ve enabled the parental controls via OpenDNS on it and limited access to all the sites I wanted blocked. I also added a network schedule to essentially turn it off after 9:30pm because otherwise kids stay up watching netflix all night if I let them stay up reading a little, or forget to confiscate electronics at bedtime.
When I added the new router, I gave its wireless networks new names. When I added the old router to it, I kept the old name they were already authenticated to. This way old equipment automatically gets the OpenDNS & schedule limits and I don’t have to go around re-managing a dozen devices.
The major problem I have now is not enough wired ports. I guess I need a cheap switch. I had to connect the XBox to the new router via wifi. But the XBox Network Configuration doesn’t hide it’s wifi password, and my kids know where to find it.
Guest Networks on the ASUS RT-N66U allow filtering via MAC address now (they didn’t always) but you can’t enable MAC filtering just for the guest network while leaving it off for it’s regular wireless networks. If that worked, I’d just create a guest network for ONLY the XBox, Roku, etc via MAC filtering and be done. It’d have wide-open internet access but my kids wouldn’t be able to log into it and escape the filters.
I could try Powerline devices to create wired connections where running cable isn’t practical.
I could add a switch to create more wired ports for the devices I want connected without revealing the wifi password.
I could search for a firmware that handles MAC filtering on specific networks, and/or separate DNS settings per network. That’d be handy.