Questions about using pfsense to restrict internet content for my kids
-
@bmeeks said in Questions about using pfsense to restrict internet content for my kids:
What kind of pfSense firewall do you have? Is it perhaps one of their SG-1100 or SG-3100 appliances? If so, those have a built-in VLAN-capable switch you could make use of if everything is hard-wired.
I have a Netgate SG-1100. I could get another wireless router and connect it to the OPT physical port and lock the kids' devices' MACs out of the other router and the non-VLAN interface.
-
@steve973 said in Questions about using pfsense to restrict internet content for my kids:
@bmeeks said in Questions about using pfsense to restrict internet content for my kids:
What kind of pfSense firewall do you have? Is it perhaps one of their SG-1100 or SG-3100 appliances? If so, those have a built-in VLAN-capable switch you could make use of if everything is hard-wired.
I have a Netgate SG-1100. I could get another wireless router and connect it to the OPT physical port and lock the kids' devices' MACs out of the other router and the non-VLAN interface.
Yes.
Since it will be the only thing plugged into the OPT interface, it's its own physical network. You can choose what/how it routes to the Internet and to your LAN.
-
@bmeeks Hello. It's been a while. I just got a Ubiquiti UniFi UAP-AC-M and I have made sure that I have internet access on my OPT port of my SG-1100. But since I'm not on the same subnet, I cannot locate my device with the UniFi manager app. Do you have any suggestions about how I can do this?
-
My unrestricted wifi is on 192.168.0.0/24 and my OPT network is 10.0.0.0/24.
-
A great solution is DNSThingy, where you can manage multiple users with different policies on each device. It works on pfSense as an add-on; here is the link: https://www.dnsthingy.com/testimonials/
-
@steve973 said in Questions about using pfsense to restrict internet content for my kids:
@bmeeks Hello. It's been a while. I just got a Ubiquiti UniFi UAP-AC-M and I have made sure that I have internet access on my OPT port of my SG-1100. But since I'm not on the same subnet, I cannot locate my device with the UniFi manager app. Do you have any suggestions about how I can do this?
Put your UniFi Controller and the APs on your LAN (the unrestricted 10.0.0.0/24 network). Then within UniFi controller create the VLAN for your restricted WiFi (using the VLAN ID). The UniFi APs will segregate the VLAN traffic for you and give the Guest Wi-Fi (the restricted network) the proper VLAN tag you specify.
-
@hotshottech It looks pretty cool, but it's $8/month!
-
It is worth it... I have used it for three years now and it gives you peace of mind knowing the internet is properly filtered.
-
@hotshottech How much harder, really, is SquidGuard? And I'm already using the OpenDNS servers.
-
@steve973 said in Questions about using pfsense to restrict internet content for my kids:
And I'm already using the OpenDNS servers.
Which of their servers? They have the family shield set, and the regular everyday set.
Jeff
-
@akuma1x The family shield servers.
-
They use OpenDNS for their Blacklist Rules but I like the way they handle Whitelist Rules.
-
@steve973 said in Questions about using pfsense to restrict internet content for my kids:
@akuma1x The family shield servers.
Ok, since it's the family shield servers, you can set the kids VLAN to use a DHCP server, and then use the Family Shield DNS servers as the main DNS for that subnet/network. That will lock it up pretty good. That's how I set it at my house, with the kid network.
Jeff
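-
Added example, not part of the thread or of pfSense itself: a small check that the DHCP scope for the kids' network hands out only the Family Shield resolvers described in the last reply. The config excerpt is constructed, the interface name "opt1" is an assumption, and the resolver addresses are the ones OpenDNS publishes for FamilyShield (they do not appear in the thread).

```python
import ipaddress
import xml.etree.ElementTree as ET

# OpenDNS FamilyShield resolvers (publicly documented addresses).
FAMILY_SHIELD = {"208.67.222.123", "208.67.220.123"}

# Constructed sample shaped like the <dhcpd> section of a pfSense config.xml.
# Assumption: the kids' network is the OPT interface, named "opt1".
SAMPLE_CONFIG = """<pfsense><dhcpd>
  <lan><enable/><range><from>192.168.0.100</from><to>192.168.0.200</to></range></lan>
  <opt1><enable/><range><from>10.0.0.100</from><to>10.0.0.200</to></range>
    <dnsserver>208.67.222.123</dnsserver>
    <dnsserver>8.8.8.8</dnsserver>
  </opt1>
</dhcpd></pfsense>"""


def audit_dhcp_dns(config_xml, iface, allowed=FAMILY_SHIELD):
    """Return a list of findings for one interface's DHCP scope (empty = OK)."""
    scope = ET.fromstring(config_xml).find(f"./dhcpd/{iface}")
    if scope is None:
        return [f"{iface}: no DHCP scope defined"]
    findings = []
    if scope.find("enable") is None:
        findings.append(f"{iface}: DHCP server is not enabled")
    # Collect the DNS servers this scope hands to clients, skipping empty tags.
    servers = [(e.text or "").strip() for e in scope.findall("dnsserver")]
    servers = [s for s in servers if s]
    if not servers:
        findings.append(f"{iface}: no DNS servers set on the scope")
    for server in servers:
        try:
            ip = str(ipaddress.ip_address(server))
        except ValueError:
            findings.append(f"{iface}: invalid DNS server {server!r}")
            continue
        # A single non-filtering resolver in the list gives clients an unfiltered path.
        if ip not in allowed:
            findings.append(f"{iface}: {ip} is not a FamilyShield resolver")
    return findings


if __name__ == "__main__":
    for line in audit_dhcp_dns(SAMPLE_CONFIG, "opt1") or ["opt1: OK"]:
        print(line)
```

This only checks what DHCP hands out; a device with a manually configured DNS server is outside what it can see.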