Creating my network

A few days ago my middle son watched a video on YouTube that has just scared him silly for the past two nights. Therefore I’m in the process of working on blocking YouTube on all devices but allowing the parents’ computers/phone access along with the FireStick on the TV. We have 2 devices that belong to the school, therefore I cannot install anything on those devices. On top of that, I have Kindles that I cannot get to use the DNS that the cable modem/router is looking at, OpenDNS.

I’ve been looking around for a solution, but I haven’t been able to find the best one. Here is my current thought process:

I have a CenturyLink modem that also has ports and wireless on it. My thought is to build a computer with IPFire installed on it. The CL modem will be connected to the IPFire (with the wireless turned off) and connected to the IPFire will be a wireless router with ports on the back of that too, which most likely won’t be used except for like the DVD player or the computer in the family room which is yet to be hooked up.

Does this sound like a possible solution to my needs?

Hi,

first, welcome to the IPFire community.

This should not be too problematic although there are some aspects of your setup I did not fully understand yet - I will comment on those below…

The last part of this sentence does not make sense to me: Is the cable router using OpenDNS? Or are the kindle devices? Or both?

You might want to have a look at turn-key firewall appliances such as this one (full disclosure: I am not related to Lightning Wire Labs):

Yes, this is possible and sounds reasonable, since you could split up WiFi and LAN into separate networks (called GREEN and BLUE in IPFire) and define firewall rulesets according to your needs for it.

For the sake of completeness, the IPFire documentation is available here, while configuration recommendations for a most secure firewall ruleset are available here.

Drop me/us a line in case those do not answer your questions…

Thanks, and best regards,
Peter Müller

The cable router/modem is set up to use the OpenDNS IP address. The Kindles for whatever reason seem to bypass this, which I don’t quite understand how it is doing that…which really isn’t part of why I’m looking at the IPFire.

Ouch on the price - that would be the ticket, but I just landed a new job and have been laid off the last 8 months due to getting laid off from the hospitality industry.

I’m going to explore more on this, as I see this is the possible solution for what I’m trying to accomplish.

One question, as I think this is the case, can I set up rules based on the MAC address of a device to prevent that device from accessing certain web sites?

Thanks so much!

Hi,

I see, thanks for clarifying this. IPFire can be set up to use different DNS servers (more on this here), and you probably want to use some that support DNS over TLS for privacy reasons.

Well, they probably use a DNS server hard-coded into their firmware. Unfortunately, a lot of chatty/crappy/IoT devices do this.

If I may comment on this: Yes, those are not the cheapest, but from my point of view, they are worth the money, since they are fully compatible with IPFire and do not have tripping hazards such as bad NICs (relevant for IPS’ performance, for example).

Partly: You can create firewall rules whose source is based on a MAC address (please refer to the firewall documentation on how to do this), but since a firewall/packet filter is operating on layers 3 and 4, you cannot block certain web sites with it, but only traffic to certain IP addresses/networks or countries.

If possible, try using the web proxy built into IPFire for more fine-grained access control - URL-based filtering is no problem there.

Thanks, and best regards,
Peter Müller
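
The difference described above between a packet filter and a proxy, modelled as an added example (not part of the original posts, and not IPFire's own code or rule syntax). The MAC addresses, IP addresses, domain list and function names are constructed for illustration.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed sample data: MAC addresses, IPs and the domain list are illustrative.
PARENT_MACS = {"aa:bb:cc:00:00:01"}
BLOCKED_DOMAINS = {"youtube.com", "youtu.be"}
SITE_IPS = {  # two unrelated sites sharing one address, as on a CDN
    "www.youtube.com": "203.0.113.10",
    "homework.example.org": "203.0.113.10",
    "library.example.net": "198.51.100.7",
}

@dataclass(frozen=True)
class Packet:
    src_mac: str
    dst_ip: str
    dst_port: int

def packet_filter_allows(pkt, blocked_ips):
    """Layer 3/4 view: source MAC, destination IP and port. No site name."""
    if pkt.src_mac.lower() in PARENT_MACS:
        return True  # MAC-sourced exemption for the parents' devices
    return pkt.dst_ip not in blocked_ips

def sites_hit_by_ip_block(blocked_ips):
    """Every site that becomes unreachable when those IPs are dropped."""
    return sorted(s for s, ip in SITE_IPS.items() if ip in blocked_ips)

def proxy_allows(client_mac, url):
    """Proxy view: the requested host name is visible, so match on the domain."""
    if client_mac.lower() in PARENT_MACS:
        return True
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return not any(host == d or host.endswith("." + d) for d in BLOCKED_DOMAINS)

if __name__ == "__main__":
    kid = "aa:bb:cc:00:00:99"
    blocked = {SITE_IPS["www.youtube.com"]}
    print(packet_filter_allows(Packet(kid, "203.0.113.10", 443), blocked))
    print(sites_hit_by_ip_block(blocked))
    print(proxy_allows(kid, "https://homework.example.org/unit3"))
    print(proxy_allows(kid, "https://www.youtube.com/watch?v=abc"))
```

Blocking by IP takes out every site on that address, while the host-name match only affects the listed domains. For HTTPS, a non-intercepting proxy sees the host name but not the full URL path.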

I went to the Goodwill Computer store (GoodBytes) and looked for a computer to use to install IPFire onto. I came home empty handed as most of the computers are $129 for a desktop. I’m thinking that the network cards are most likely going to run another $25-$50 and then the time to get a CD/DVD created for the bootup and getting the computer to install and all the headache of getting it set up might not be worth it, as I can see I’d get close to $200, which another $250 would get me the works all ready to use, just have to set things up on it.

So I’m reconsidering that IPFire Mini Appliance - just have to figure out what the cost/pain benefit would be…

Michael

I don’t know your location (I assume US b/c of Century Link and Goodwill) but you can look on eBay for “dell 790 i5”, these go for about $50. A “pci gigabit ethernet card” for about $8. All you need is a disk and 4GB RAM. There is also craigslist.org for your city and offerup.com

And now not considering that…

  1. Cost
  2. Unable to get registered to purchase the item OR at least to see estimate of delivery. I get the email and a link to click to register, that fails to a page of 500. UGH!

Guess I’m not meant to purchase something today…

So, now that I’m back to purchasing an older computer…

If the computer has an Ethernet onboard, would I need to purchase only one NIC and use the onboard or ???

It’s been a while since I’ve messed with hardware and it really seems confusing nowadays.

Yes, you are correct. I’m in Omaha, Nebraska.

I’m not afraid of doing this, just don’t want to spend large amount of time doing this…

Assuming you want to set up a red/green IPFire, the onboard can be red, the add’l can be green. If you want an orange network, then you need 2 NICs. If you plug in a wifi card, you can have blue as well.

The HP 620 Plus thin client is nice but a little $
The HP 610 Plus thin client is cheaper.
Make sure it has a power supply.
They usually have a small SSD 16 and 4GB RAM
Add NIC card should be under $100

Hi,

hrmpf, this should not happen. Could you please write to the support mail address if the error persists? That should not be the show-stopper…

Regarding common hardware issues, this wiki article might be of interest:

Thanks, and best regards,
Peter Müller