OpenDNS

[stfcinbmth]

Scenario:- We have foreign students, obviously they like to use my internet connection. Our latest student is from Kazakstan. I use OpenDNS to block access to file sharing sites etc. Looking at my OpenDNS logs he has been trying to access p2p sites and when that hasn't worked, proxy sites to bypass the restrictions, which are also blocked. Having read up a bit I realise that OpenDNS is not infallible, all it needs is for him to change the DNS servers in TCP/IP connections and it's bypassed, obviously I can't have admin rights on his lappie. My adsl router is a BT Business Hub 2700HGV, the firewall is pretty basic tbh, I can port forward but I can't block specific ports ie 53

If there's any downloading to be done, I'll be doing it, not some student

So I'm looking for some ideas from you tech savvy lot, not too expensive tho please

[@MacPhlea]

cut his fingers off - he's from Kazakstan, he'll understand

[Arriba]

nice!

[Barry Scott]

I presume it's Windows, so you could edit the Hosts file, although you'd likely have a fair bit of editing to do.

[chalkies_shorts]

If they're female and decent put a webcam on and tell them they need to be naked and do dirty things before the internet will work. They're from Kazakhstan and its probably normal there.

[stfcinbmth]

I presume it's Windows, so you could edit the Hosts file, although you'd likely have a fair bit of editing to do.

Not sure I like the sound of that one Barry. I was thinking along the line of a hardware firewall, but these seem quite expensive. Was sure router had a bridge mode, but it appears not. I'd like the router to handle the BB connection and wireless, is that possible?

chalkie, he's male and I'd like to send him home with all his fingers if poss

[stfcinbmth]

I presume it's Windows, so you could edit the Hosts file, although you'd likely have a fair bit of editing to do.

As a bit of an after thought Barry, wouldn't editing the hosts file only affect the pc it's installed on? I don't have access to his

[Barry Scott]

Oh right, yeah, it would only affect his pc. I incorrectly presumed you had access to his pc, so I have no idea I'm afraid Mr Ballmouth!

[jonny72]

So what is your set up? A small local network at home? Wired or wireless?

Sounds like you need a better router / firewall, which can block certain traffic based on the local ip address or network logon. Haven't got a clue of what options there are, but you should be able to pick up some decent old kit that will be more than capable of what you want. Maybe have a look for some Cisco stuff, an 800 series router should do what you want but you're looking at £150 second hand.

One option is a PC acting as a router and firewall (there are some decent open source solutions for both), worth looking in to if you've got an old one sitting around - doesn't need to be very powerful.

Firewall : http://www.smoothwall.org/
Router / Firewall : http://www.vyatta.com/

Was sure router had a bridge mode, but it appears not. I'd like the router to handle the BB connection and wireless, is that possible?

What has bridging got to do with it? Not sure you can use it to filter or block traffic and even if you could it operates below the IP (network) addressing layer so would be useless. Wireless routers do handle the internet connection.

[stfcinbmth]

So what is your set up? A small local network at home? Wired or wireless?

Sounds like you need a better router / firewall, which can block certain traffic based on the local ip address or network logon. Haven't got a clue of what options there are, but you should be able to pick up some decent old kit that will be more than capable of what you want. Maybe have a look for some Cisco stuff, an 800 series router should do what you want but you're looking at £150 second hand.

One option is a PC acting as a router and firewall (there are some decent open source solutions for both), worth looking in to if you've got an old one sitting around - doesn't need to be very powerful.

Firewall : http://www.smoothwall.org/
Router / Firewall : http://www.vyatta.com/

What has bridging got to do with it? Not sure you can use it to filter or block traffic and even if you could it operates below the IP (network) addressing layer so would be useless. Wireless routers do handle the internet connection.

Small home network. My pc's are mostly wired inc homeplugs. So just the students wireless. Don't fancy a pc on 24/7 as well as router and I've not got the room. Pretty sure a Draytek 2820 would do the job, but I've had a Draytek before(2800 wireless) the features were great but it used to drop bb connection and even wireless connection so once bitten twice shy. My line is also 1.76km from exchange and the 2700 is good for coping with that, so sync at 7552
Bridge, thought you had bridge from router to firewall. Don't know where I got that from. It does appear that you can't disable firewall in 2700 will that be a problem
Cisco, do you have to have any qualifications to set one of those up?
Always fancied a Cisco 877W might be fun

[jonny72]

Bridge, thought you had bridge from router to firewall. Don't know where I got that from. It does appear that you can't disable firewall in 2700 will that be a problem
Cisco, do you have to have any qualifications to set one of those up?
Always fancied a Cisco 877W might be fun

Bridging operates at the data link layer where all routing is via MAC addresses. Though I think there are some hybrid devices that can do more than that. Either way, not sure it's the place to be filtering though I could be talking shit.

The Cisco 800 series come with an easy to use management tool so no degree required. The cool thing is they all run Cisco IOS so you can fuck about with them at a lower level if you want. So best of both worlds. 

[stfcinbmth]

Ok jonny, so how about this one?

http://tinyurl.com/36ryfaf

The 2700 can still handle the BB and wireless I take it?

[stfcinbmth]

Would you need a crossover cable to connect 2700 to 873?

[jonny72]

I've never looked at the 837 before, I've been planning to buy a later model with wifi - one of the 870's.

I'd look for one that has the maximum amount of ram installed, or make sure upgrading it will be cheap. There are also various versions of Cisco IOS, some with more features that you may or may not need. So it's worth looking for one with the best and latest version, think you should be able to upgrade it yourself but it will mean scouring the torrent sites as Cisco don't give them out for free.

I think you should be able to hook them up together, but the 837 would have to connect to the BB with the 2700 before it - otherwise you won't be able to filter the wifi traffic. The other option is a more expensive 870 series model with wifi, which should do it all on it's own (the 837 and 870's have a built in firewall which should be as good or better than the 2700). Either way, make sure the one you buy has the right BB connection - there are different models for ADSL and cable.

Router to router should be a crossover cable, though it's possible some configurations and routers might need a patch cable. When using two routers you'll need to make some changes to the IP configuration on them, chances are that straight out of the box they'll conflict with each other.

I think your best option could be to leave it as it is and to tell your lodger that he needs to stop downloading porn or you'll block him from the network.

Don't blame me if it goes wrong or doesn't work, I've never tried any of this myself - my networking is more theoretical than practical.

[flammableBen]

I'm not sure I'm missing something here, and I understand the excitement of a technical challenge as much as the next bloke, but couldn't you just politely ask the student that if you're going to continue to allow him to use your internet, then can he please not use dodgy file sharing sites?