Thread ID: 75595 2007-01-04 08:27:00 LAN - Restricting Internet Access - Best Way? Mix (11719) Press F1
Post ID Timestamp Content User
512625 2007-01-04 08:27:00 I have a LAN set up at home with around 7 pc's all with fixed IP addresses in the range 192.168.1.10 - 192.168.1.100

My kids' PC is set up with an IP address that my router will deny outbound traffic to after a set time each night - ie: no more internet late on a school night.

So far so good, until my teen set his pc up (so he says) to select a random IP address each time his box boots up in his room thereby gaining access.

So I was thinking perhaps the way forward is to take a large IP range of addresses I can specify to my router that should deny outbound traffic across the board and then allow only 2 IP addresses that will allow outbound traffic.. one box my own, the other a PC I set up as a proxy server that will then allow me to also control some content, qty of data downloaded etc by IP address... and if the kids move the fixed IP address off their box then they lose any way of connecting to the net..

What should I do?

My router will allow inbound and outbound rules, locking down only 1-2 ip addresses that my router will allow traffic outbound from seems to be my best bet and combining this with one of those IP addresses being a proxy box may be the go?

Suggestions, info most welcome...

Thanks

Mix
Mix (11719)
512626 2007-01-04 08:52:00 What are you using as a router / software? dbs (8785)
512627 2007-01-04 09:48:00 Turn off DHCP service on the router, then he will have to use a static address within your set subnet. Set the router to allow all for your IP address, all the rest have limited access. SolMiester (139)
512628 2007-01-04 21:42:00 Thanks for the info so far guys

Router is a Dick Smith XH1169, DHCP is turned on and will allocate auto from 192.168.1.4 to 192.168.1.15 - so you reckon turn this off? OK and if so my teen could still just choose a random IP could he not?

I experimented last night and put in a blanket IP ban for all addresses and traffic, it even killed the router trying to find the time server!

I'm still leaning to having a box as a proxy server and allowing only that and my box's IP to connect.. but killing the DHCP sounds like a good move
Mix (11719)
512629 2007-01-04 22:27:00 I have a proxy server which runs DansGuardian which is a very effective way of filtering content (not by IP address but by actual content). My son's PC runs through this and is very effective (can be too effective sometimes). Sometimes my wife gets a false "access denied" so I give her a hard time about what she is trying to access!

Another alternative, if you feel like getting carried away, is setting up 2 subnets, one with a SmoothWall (or similar) box which has all the PCs which need filtering, access rules applied, hanging off it (with DHCP enabled). This way there is no way he can get past the SmoothWall box. The other IP range would have direct access to the internet. You can get add-ons for SmoothWall to give a breakdown of traffic.

Next your son will be trying to hack his way into the router!
dolby digital (5073)
512630 2007-01-05 03:27:00 Ha - yes that's what having kids is for is it not - to help keep you on top of your game :-)

The proxy software I am pondering is called CC Proxy and allows for 3 connections on the demo version but you can control amount of data downloaded, time allowed on the net, and set content filters all based on IP of box connected to it; url is www.youngzsoft.net if you want to take a look.

I have killed DHCP now so it's a start. I will look into your suggestions dolby... some brands etc I am not familiar with but can read up on...

The router has a login password set up that's not the default values :-)

Mix
Mix (11719)
512631 2007-01-05 05:10:00 Hi, the DSE unit will do what you need. I think the problem is how you have set up the inbound and outbound policies.

First create two IP address ranges, one for the 192.168.1.4 to 192.168.1.15 range and one for the 192.168.1.1 to 192.168.1.3 range.

Then you need to put the following rules in the inbound and outbound policies in this order:

1. Allow any time the 192.168.1.1 to 192.168.1.3 range.
2. Weekday rule for the 192.168.1.4 to 192.168.1.15 range.
3. Weekend rule for the 192.168.1.4 to 192.168.1.15 range.
4. Deny all for all IPs and protocols etc.

Do not forget to put the rules in both inbound and outbound policies and in the order above. Also do them for all protocols and ports.
ughnz (8297)
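
The rule order described in the post above, modelled as a first-match evaluator (an added example, not part of the original post and not the router's own logic). The schedule hours and all function names are assumptions, since the post gives no times, and only the LAN source address is checked.

```python
from datetime import datetime, time
from ipaddress import IPv4Address

# Address ranges taken from the post above.
TRUSTED = (IPv4Address("192.168.1.1"), IPv4Address("192.168.1.3"))
KIDS = (IPv4Address("192.168.1.4"), IPv4Address("192.168.1.15"))
ANY = (IPv4Address("0.0.0.0"), IPv4Address("255.255.255.255"))

# Assumed schedule windows; the post does not state the actual hours.
WEEKDAY_HOURS = (time(7, 0), time(21, 0))
WEEKEND_HOURS = (time(8, 0), time(22, 0))


def always(when):
    return True


def schedule(days, hours):
    """Build a predicate that is true when `when` falls on `days` within `hours`."""
    def active(when):
        return when.weekday() in days and hours[0] <= when.time() < hours[1]
    return active


# Ordered policy: (rule name, source range, schedule predicate, action).
POLICY = [
    ("trusted-any-time", TRUSTED, always, "allow"),
    ("kids-weekday", KIDS, schedule(range(0, 5), WEEKDAY_HOURS), "allow"),
    ("kids-weekend", KIDS, schedule(range(5, 7), WEEKEND_HOURS), "allow"),
    ("deny-all", ANY, always, "deny"),
]

# Same rules with deny-all moved to the top: nothing after it is ever reached.
DENY_FIRST = [POLICY[-1]] + POLICY[:-1]


def evaluate(policy, src, when):
    """First-match evaluation: the first rule whose range and schedule match wins."""
    ip = IPv4Address(src)
    for name, (low, high), active, action in policy:
        if low <= ip <= high and active(when):
            return action, name
    return "deny", "implicit-default"


if __name__ == "__main__":
    thursday_late = datetime(2007, 1, 4, 22, 30)
    for host in ("192.168.1.2", "192.168.1.10", "192.168.1.77"):
        print(host, evaluate(POLICY, host, thursday_late))
```

With the deny-all rule last, any address that is not in a listed range falls through to it regardless of the time of day.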
512632 2007-01-05 06:10:00 Can you not block the router ports individually? That way, IPs won't matter.

Check the router configuration page.
vinref (6194)
512633 2007-01-05 07:22:00 I have a LAN set up at home with around 7 pc's all with fixed IP addresses in the range 192.168.1.10 - 192.168.1.100

My Kids PC is set up with an IP address that my router will deny outbound traffic to after a set time each night - ie: no more internet late on a school night.

my teen set his pc up (so he says) to select a random IP address each time his box boots up in his room thereby gaining access.


Discipline? You could both go round and round, you set up the security, he bypasses it. Or set some rules and give up on the hacker games.
pctek (84)
512634 2007-01-05 13:23:00 I gotta be blind, where do I find this on my DSE router?


Hi, the DSE unit will do what you need. I think the problem is how you have set up the inbound and outbound policies.

First create two IP address ranges, one for the 192.168.1.4 to 192.168.1.15 range and one for the 192.168.1.1 to 192.168.1.3 range.

Then you need to put the following rules in the inbound and outbound policies in this order:

1. Allow any time the 192.168.1.1 to 192.168.1.3 range.
2. Weekday rule for the 192.168.1.4 to 192.168.1.15 range.
3. Weekend rule for the 192.168.1.4 to 192.168.1.15 range.
4. Deny all for all IPs and protocols etc.

Do not forget to put the rules in both inbound and outbound policies and in the order above. Also do them for all protocols and ports.
dbs (8785)