Restrict Kids Internet Access
Please keep in mind that I'm very new to all this, including the terminology
My kids are getting iPad Minis for Christmas, and I want to really restrict their internet access. Since they've got friends that come over with their own iPad/iPod/Whatever devices it may make sense for them to be able to connect, but with the same set of restrictions. My initial thought is that I create a 3rd WiFi network for them. Currently I have HH-Secure and HH_Guest. I'm thinking of adding HH-Kids. Is there an easier way though?
I want them to be able to call friends and family on the various video chat programs…we'll have to figure out how to police that within the device I'm guessing. I also want them to be able to access the Apple App Store. Regarding "the internet" (browsing), what I want to do is whitelist a small group of websites that they're allowed to go to. Ideally if the try to go a website that IS NOT on the whitelist, they will be prompted for a username/password to add that site to the whitelist. This way when my wife realizes they want to go to "CoolNewCartoon.com" and I'm at work or out of town, she can check it out on the computer and once she determines it's safe, she can quickly just give them access on their device without me having to edit the rules. Is that even possible?
I should add that I did install the SQUID package, but I have no idea where to find it within the Web GUI to play around with the settings or anything. And frankly, I don't even know for sure what SQUID is. I was describing what I wanted to do to an acquaintance as he said "yeah…you can do that with squid, just set it up as a proxy". That doesn't mean anything to me, other than that I needed squid.
Thanks in advance.
Also, one other thought on this.
I have my "Guest Network" setup as unsecured, and use a Captive Portal to allow people to access the network. I want to make it so that the MAC address of the kids iPads, cannot access the internet AT ALL if they connect to this network. At some point they will figure out the user ID and password for the Captive Portal on the guest network. I just want to make sure they can't connect to that, at all, ever. Is that easy to do? Would I just make a firewall rule to block all traffic from, then in the drop down select "single host or alias" and list their devices MAC addresses there?
Personally if this is for home, dont over complicate your network, it doesnt need to be. Go to www.opendns.com and look around there, its so easy to do. If you got a static IP from your ISP its even easier to configure and stop kids of seeing things they shouldnt. I use this all the time, you could if you cleaver is to create another WIFI network and configure the DNS your Ipads and other nodes on the network to get, and job done!
See this thread http://forum.pfsense.org/index.php/topic,68927.msg379887.html#msg379887 for what I put together as the ultimate pfSense home restriction/filtering solution.
I do most of what you're asking for using squid and squidguard.
Squid appears under "Proxy server" in the menu system, I forget which top-level menu but about 4th from the left.
Squidguard appears under "Proxy filter", just above squid's entry.
I use access control lists in squidguard filtered by IPs. I set up static IPs for kids' devices in the DHCP server for the wifi interface.
It's a steep learning curve, but powerful once configured.