FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Gentoo > Gentoo User

 
 
LinkBack Thread Tools
 
Old 11-04-2010, 07:41 PM
Jake Moe
 
Default Best way to restrict home web browsing

A bit off topic, but this group seems to know a lot about this sort of
subject.

I've caught the 11 year old at home browsing sites he really shouldn't
be. I'd like to implement some sort of filter so that he can only
access "approved" sites, but myself and my o/h can browse whatever we
want. What is the best way to implement this? A firewall? Some sort
of web proxy? Something else? I've got a few Gentoo computers, one
that tri-boots between Windows XP (for work), Windows 7 (for games) and
Gentoo (for everything else), and one Windows laptop (my o/h won't give
it up) connecting to one wireless AP/router.

I'm thinking maybe a single firewall would be the way to go, but I
suppose it'd have to something that we could "log" into to let it know
who's who; I've never heard of a firewall that does that. Otherwise,
maybe a software firewall on each PC, but it'd be a bit cumbersome
across all the PCs, unless it had some sort of central management server.

A web search seems to show a Squid proxy may be the way to go, as well.
but I'm not familiar enough with that to know if it'll really do what I
want.

Any help/suggestions would be appreciated. Thanks.

Jake Moe
 
Old 11-04-2010, 07:59 PM
Matthew Summers
 
Default Best way to restrict home web browsing

On Thu, Nov 4, 2010 at 3:41 PM, Jake Moe <jakesaddress@gmail.com> wrote:

A bit off topic, but this group seems to know a lot about this sort of

subject.



I've caught the 11 year old at home browsing sites he really shouldn't

be. *I'd like to implement some sort of filter so that he can only

access "approved" sites, but myself and my o/h can browse whatever we

want. *What is the best way to implement this? *A firewall? *Some sort

of web proxy? *Something else? *I've got a few Gentoo computers, one

that tri-boots between Windows XP (for work), Windows 7 (for games) and

Gentoo (for everything else), and one Windows laptop (my o/h won't give

it up) connecting to one wireless AP/router.



I'm thinking maybe a single firewall would be the way to go, but I

suppose it'd have to something that we could "log" into to let it know

who's who; I've never heard of a firewall that does that. *Otherwise,

maybe a software firewall on each PC, but it'd be a bit cumbersome

across all the PCs, unless it had some sort of central management server.



A web search seems to show a Squid proxy may be the way to go, as well.

but I'm not familiar enough with that to know if it'll really do what I

want.



Any help/suggestions would be appreciated. *Thanks.



Jake Moe






Hi Jake,*
This is something I wish there was more information about free/open solutions available to assist parents in this exact situation.
So, dansguardian [1] is a good place to start, and here [2] is a nice article on linux.com that provides an actual solution.

I think it would be really helpful if you could document what you learn as you traverse this situation, so that other may benefit as well. Perhaps a gentoo forum topic in addition to this ML might be appropriate.

Also, I have seen around some talk about running a setup like this on a WRT router running DD-WRT and another system called packetprotector running openwrt [3]

[1]*http://dansguardian.org/
[2]*http://www.linux.com/archive/feature/113733[3]*http://packetprotector.org/

Cheers and good luck,Matt
--
Matthew W. Summers
quantumsummers | trustee, gentoo foundation
 
Old 11-04-2010, 08:07 PM
Stroller
 
Default Best way to restrict home web browsing

On 4/11/2010, at 8:41pm, Jake Moe wrote:
> ...
> I've caught the 11 year old at home browsing sites he really shouldn't
> be. I'd like to implement some sort of filter so that he can only
> access "approved" sites, but myself and my o/h can browse whatever we
> want. What is the best way to implement this? A firewall? Some sort
> of web proxy? Something else?

This is something that you can do in all sorts of complicated manners. But it's really not realistic for one person to maintain a list of porn sites, and even updating lists that you obtain from elsewhere can be a chore. The best blocklists are sold on a subscription basis, and so on.

The easiest way is probably to use OpenDNS, and sign up for an account with their filters. You can point your router to the OpenDNS servers and then it will serve DNS to all the client machines on the LAN. If you want to bypass it then you change the DNS on your own PC to point to an uncensored one.

A very small minority of capable employees and teenagers are probably capable of bypassing most any restriction. Based on the OpenDNS suggestion, the next level of security is to block at the router all DNS packets from inside the LAN, unless they're going to the router itself (which gets its DNS from OpenDNS on the filtered account).

Stroller.
 
Old 11-07-2010, 08:38 AM
Kfir Lavi
 
Default Best way to restrict home web browsing

On Thu, Nov 4, 2010 at 10:59 PM, Matthew Summers <quantumsummers@gentoo.org> wrote:

On Thu, Nov 4, 2010 at 3:41 PM, Jake Moe <jakesaddress@gmail.com> wrote:


A bit off topic, but this group seems to know a lot about this sort of

subject.



I've caught the 11 year old at home browsing sites he really shouldn't

be. *I'd like to implement some sort of filter so that he can only

access "approved" sites, but myself and my o/h can browse whatever we

want. *What is the best way to implement this? *A firewall? *Some sort

of web proxy? *Something else? *I've got a few Gentoo computers, one

that tri-boots between Windows XP (for work), Windows 7 (for games) and

Gentoo (for everything else), and one Windows laptop (my o/h won't give

it up) connecting to one wireless AP/router.



I'm thinking maybe a single firewall would be the way to go, but I

suppose it'd have to something that we could "log" into to let it know

who's who; I've never heard of a firewall that does that. *Otherwise,

maybe a software firewall on each PC, but it'd be a bit cumbersome

across all the PCs, unless it had some sort of central management server.



A web search seems to show a Squid proxy may be the way to go, as well.

but I'm not familiar enough with that to know if it'll really do what I

want.



Any help/suggestions would be appreciated. *Thanks.



Jake Moe






Hi Jake,*
This is something I wish there was more information about free/open solutions available to assist parents in this exact situation.

So, dansguardian [1] is a good place to start, and here [2] is a nice article on linux.com that provides an actual solution.

I think it would be really helpful if you could document what you learn as you traverse this situation, so that other may benefit as well. Perhaps a gentoo forum topic in addition to this ML might be appropriate.


Also, I have seen around some talk about running a setup like this on a WRT router running DD-WRT and another system called packetprotector running openwrt [3]


[1]*http://dansguardian.org/
[2]*http://www.linux.com/archive/feature/113733[3]*http://packetprotector.org/


Cheers and good luck,Matt
--
Matthew W. Summers
quantumsummers | trustee, gentoo foundation

*I'm using this tool for general filtering of stuff.

http://www.gentoo-wiki.info/Moblock
It's not exactly what you need, but it worth a check, because it gets list of sites, so maybe you can add special lists to Moblock that filter sites that are not for teens.


Take care that I would use a proxy site to surf the web to overcome your filtering, so this also should be banned.
To check it search google for anonymous proxy or something similar.

After you do implement those solutions, check that your boy don't spent more time in the neighbor's home surfing the web ;-)


If you can document your steps, as Matt said above,* maybe on http://en.gentoo-wiki.com, it will be very good for all of us.

Regards,
Kfir
 

Thread Tools




All times are GMT. The time now is 09:00 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org