My Gateway



  • Hi.  I am new to pfsense.  I have been use an old version of Clark Connect for my home router.  I am looking to switch to pfsense.  After doing a lot of research, and asking a lot of questions, I was able to do two things with Clark Connect:

    1. Only devices I approved could connect through my router.  I did this using firewall rules to screen devices by mac address.

    2. Using some shell scripts, I could block my kid's access to the internet.  They could only get online when I said so.  This was a parent's dream.

    Now I would like to do the same using pfsense, but I am also hoping that using the proxy server, I can keep track of the web pages my kids are visiting.  (another parent's dream)

    So, is this something that can be done using standard pfsense setup, or will I have to rewrite some firewall rules?



  • @LawTech:

    1. Only devices I approved could connect through my router.  I did this using firewall rules to screen devices by mac address.

    No, pfSense doesn't support MAC filtering. You can configure the DHCP server in pfSense to "static ARP" which kind of does the job - but not in combination with port/IP/Layer7 rules. You can, of course, use these more advanced filters on the IP addresses which DHCP hands out to specific MAC addresses. Of oucrse, this approach can be hacked. Then again, your current setup can easily be hacked as well.

    @LawTech:

    2. Using some shell scripts, I could block my kid's access to the internet.  They could only get online when I said so.  This was a parent's dream.

    I'd use a captive portal for that. Yup, pfSense has a captive portal built-in.

    You can add your own PC's MAC address to a whitelist (pass-though MACs), so these amachines can access the internet without logging in to the captive portal. This of course can be hacked. You can also provide a "master password" for your use, which means that you would have to log into the captive portal as well. This apprach is less convinient for you, but is more hack-proof and might add a bit of security if the kids gain physical access to your PC.

    And if the kids want to go online, you can hand them a voucher which allows them access the internet for a pre-set duration (like, an hour).

    Obviously, you need to keep the pfSense box and the vouchers physically secure.



  • You could also try doing content filtering with squid + squidguard and lightsquid for reports on what website they are visiting.

    I found a simple tutorial here:
    http://www.howtoforge.com/pfsense-squid-squidguard-traffic-shaping-tutorial



  • Ok, thanks for the help.  It looks like I will have to stick with firewall rules.


  • Netgate Administrator

    You can do layer2, and hence MAC, filtering with the captive portal. It uses ipfw instead of pf like the rest if the pfSense filtering.

    Steve


Log in to reply