Advanced Home Networking (sub-network) SOLVED

Kyzen

This is a little confusing, but I'll do my best.

My parents have recently been having some troubles with my younger brothers and internet usage. They've decided to put limits on internet access for them. At first I thought this would be easy, and just set up a schedule on the router (a netgear) to block all ports for certain static IPs from 10 PM till 8 AM. That worked for awhile. Now though my parents want to give different schedules for the different kids. The oldest one (16) is to have his internet cut off at 11, and turned on at 10 AM. The middle brother is to have internet to his computer cut out at 9 PM and re-enabled at 10 AM. The youngest brother is to have only internal internet access. The router we have unfortunately only allows for one schedule to be set up.

My thought was to buy a second router, and kind of have a sub-net with a different security setting on it. My question though is whether or not this would work, and if it did, could he still play LAN games with the other brothers?

I know the simple solution is to just take the damn computers out of their bedrooms, but my parents for some reason have decided to comprimise, and let them have their computers, but curtail the computer usage that is getting them into trouble.

Any advice from networking gurus?

EclecticGroove

Wow, talk about needlessly complicated!

Can it be done? Yeah sure it can. But you have to have the second router handing out different addresses from the first, and should turn it into switch only mode as opposed to a gateway (the terms they sue for this can vary). Essentially you will change it into doing nothing but handing out IP's.

Another option is to get a cheap pc and set up something like a smoothwall firewall (or any linux based firewall) that allows you to set up much more advanced rules. You can combine this with a cheap switch and go Internet-->router-->firewall machine-->switch--> PC's.
You can eliminate the router alltogether if youw ant to control all access to the internet via this new firewall machine. In that case you would turn your router into its switch only mode and place it in the switch position above.

Kyzen

EclecticGroove wrote:

Wow, talk about needlessly complicated!

Can it be done? Yeah sure it can. But you have to have the second router handing out different addresses from the first, and should turn it into switch only mode as opposed to a gateway (the terms they sue for this can vary). Essentially you will change it into doing nothing but handing out IP's.

Another option is to get a cheap pc and set up something like a smoothwall firewall (or any linux based firewall) that allows you to set up much more advanced rules. You can combine this with a cheap switch and go Internet-->router-->firewall machine-->switch--> PC's.
You can eliminate the router alltogether if youw ant to control all access to the internet via this new firewall machine. In that case you would turn your router into its switch only mode and place it in the switch position above.

I considered doing something like this, but opted not to as there's no way in hell I could teach it to my parents. I taught the present setup to my dad in about an hour, and could probably teach him how to manage multiple routers, but I don't want to try Linux. Hell, I know barely enough about it myself.

More important than helping my parents control the internet in their house is ensuring that I can hand it off to them after set up, so I don't have to make bi-weekly trips home to help them with it.

Ruckus

D-Link's routers let you setup firewall rules to block traffic at different times.

Example:

Source: LAN=192.168.1.104
Destination: WAN=ANY
Action: Block
When: (9pm-10am) *I'm not sure how well it handles day carry-over, you may need one rule for 9pm-11:59am and another from 12am to 10am.

You'd have to make sure all the PCs were static IP's or Static DHCP though, else the users could just statically set their IP's to something and totally circumvent the Firewall Rules. Or you could just Block Always traffic from hosts outside the range of assigned IPs.

Kyzen

Ruckus wrote:

D-Link's routers let you setup firewall rules to block traffic at different times.

Example:

Source: LAN=192.168.1.104
Destination: WAN=ANY
Action: Block
When: (9pm-10am) *I'm not sure how well it handles day carry-over, you may need one rule for 9pm-11:59am and another from 12am to 10am.

You'd have to make sure all the PCs were static IP's or Static DHCP though, else the users could just statically set their IP's to something and totally circumvent the Firewall Rules. Or you could just Block Always traffic from hosts outside the range of assigned IPs.

So with one router I could set up a custom schedule for, say, 4 IPs?

EclecticGroove

His problem is the multiple access profiles he would need.

His parents want to have multiple machines on multiple schedules. I'm not sure which home routers will allow you to set up more than one access profile.

And the linux machine really isn't that tough so long as you set it up right. But if you and they are unwilling to learn it, then finding a single router that will handle what you need will be your best bet.

Ruckus

Yep on multiple rules.

The trick is planning it ahead of time and knowing which rules you need to create, which default rules you need to disable. Also setting up one rule at a time and making sure it works before you go on to the next rule.

and there is a limit on the number of rules a home router/firewall will handle, if you need more than 30 then you should probably look at something more advanced, like a SonicWALL TZ170.

Kyzen

EclecticGroove wrote:

His problem is the multiple access profiles he would need.

His parents want to have multiple machines on multiple schedules. I'm not sure which home routers will allow you to set up more than one access profile.

And the linux machine really isn't that tough so long as you set it up right. But if you and they are unwilling to learn it, then finding a single router that will handle what you need will be your best bet.

For personal enlightenment I might experiment with Linux over the Holidays, if I can find a distro that will run on a 200 mhz machine.

All the machines will have the same access profile (WAN blocked), but different schedules for when it kicks in, for different IP's. The netgear router I presently have can have as many IP's as I want with whatever access profiles I want... just all the profiles have to adhere to the same schedule.

EclecticGroove

smoothwall will run on a 200mhz machine fine.

It's a distro that does nothing but firewall/routing.

For your parents I'd look into one of the pieces of hardware mentioned.

Ruckus

Screenshot of the DI-624 web interface for filtering:

Kyzen

Ruckus wrote:

Yep on multiple rules.

The trick is planning it ahead of time and knowing which rules you need to create, which default rules you need to disable. Also setting up one rule at a time and making sure it works before you go on to the next rule.

and there is a limit on the number of rules a home router/firewall will handle, if you need more than 30 then you should probably look at something more advanced, like a SonicWALL TZ170.

Should only need 4. 8 if I need to create a second rule to deal with day crossovers. Assuming of course I can create a rule that just blocks WAN access, and don't have to do one rule per port or something stupid like that.

Do you know what model # the D-Link router that has this ability is? Or do all D-Links have this?



EDIT: Damn your fast posting. Or my slow typing. Or both. That answers it, thanks. Time to find a good deal on a D-Link

Ruckus

POAST FROM DA FUTURE

HorizonXP

What router do you have right now?

This might be a case where DD-WRT, or OpenWRT might be VERY useful.

Kyzen

HorizonXP wrote:

What router do you have right now?

This might be a case where DD-WRT, or OpenWRT might be VERY useful.

The Netgear WGR614