  1. #1
    Linux Engineer nujinini's Avatar
    Join Date
    Apr 2009
    Posts
    1,272

    May I Ask If These Can Be Done?


    I would like to have a certain amount of control over the different computers in our house since we all access the internet by a router.

    Things I particularly want to do are:

    1) Check what websites were visited by each computer. Sort of a history list in the router.
    2) Block some websites using the same router.
    3) Not to allow some computers to access the internet at a particular time.
    4) And to know if somebody accessed our network without permission.

    If it's possible, what are the things I should be doing to get started? Should I be downloading any software or anything? Or should I be setting up a server for this?

    Thanks a lot!
    nujinini
    Linux User #489667

  2. #2
    Linux Engineer Segfault's Avatar
    Join Date
    Jun 2008
    Location
    Acadiana
    Posts
    877
    You need a better router. An old PC with two NICs will do. Although some of what you want may be difficult to achieve. I'd avoid double NAT, too. Something like this:

    Modem in bridge mode > NAT router > Network Switch > Computers and Wireless Access Point

  3. #3
    Linux Engineer nujinini's Avatar
    Join Date
    Apr 2009
    Posts
    1,272
    Quote Originally Posted by Segfault
    You need a better router. An old PC with two NICs will do. Although some of what you want may be difficult to achieve. I'd avoid double NAT, too. Something like this:

    Modem in bridge mode > NAT router > Network Switch > Computers and Wireless Access Point
    Thank you very much Segfault. But honestly I didn't understand what you were suggesting since this kind of thing is very new to me. Most of my experiences in Linux have been only focused on desktop user's concerns.

    Anyway, I hope you don't mind me asking. When you said I need a better router, are you trying to say that I use an old PC as a router? And also, what are NICs? And NAT?
    nujinini
    Linux User #489667

  4. #4
    Linux Engineer Segfault's Avatar
    Join Date
    Jun 2008
    Location
    Acadiana
    Posts
    877
    Yes, old PCs make great routers and home servers. All you need is just the box, you can keep it in some locker because it does not need a monitor or keyboard.

    NIC - network interface card
    NAT - network address translation

    Although, you can set up this box as a proxy and not offer NAT at all. Which means they cannot access the internet directly. They have to make all connections through the proxy and you can configure the proxy to your liking.

    Modem in bridge mode > Proxy > Network Switch > Computers and Wireless Access Point

  5. #5
    Linux Engineer nujinini's Avatar
    Join Date
    Apr 2009
    Posts
    1,272
    Oh.... Very interesting.

    So it's going to be like a server. It's a bit clearer now. Thank you!

    Can I use my laptop for that instead of an old box? I can try to set-up a server on VBox using CentOS. But.... I think I can't bring my laptop on trips anymore if I do that.

    Anyways....I thought I can block some sites and have a history list using the router alone accessed through my laptop.

    Thanks for your time!

    EDIT: If it would not be too much of a request, can you please point me to a site where I can try to study the setting-up of a PC for this purpose. Sort of a DIY or a tutorial? Thanks again!
    Last edited by nujinini; 09-11-2010 at 06:23 PM.
    nujinini
    Linux User #489667

  6. #6
    Administrator MikeTbob's Avatar
    Join Date
    Apr 2006
    Location
    Texas
    Posts
    7,864
    Also, if you know exactly which websites you want to block and you want to block them now, you can edit a file, reboot and that website will not be accessible from that machine anymore.
    How to: Use the HOSTS file to block websites in Windows? - Overclock.net - Overclocking.net
    Hosts (file) - Wikipedia, the free encyclopedia
    If your machines are running Windows or Mac, you can probably find some software that does much of what you want, but you most likely will have to pay for it.
    Internet Filter, Parental Controls & Filter Software | Net Nanny
    I do not respond to private messages asking for Linux help, Please keep it on the forums only.
    All new users please read this.** Forum FAQS. ** Adopt an unanswered post.

    I'd rather be lost at the lake than found at home.

  7. #7
    Linux Engineer Segfault's Avatar
    Join Date
    Jun 2008
    Location
    Acadiana
    Posts
    877
    I haven't used those little routers lately, some of them may let you impose restrictions. BTW, adding web sites to hosts file will not deny them to access those sites by IP address.

    proxy setup - Google Search

  8. #8
    Administrator jayd512's Avatar
    Join Date
    Feb 2008
    Location
    Kentucky
    Posts
    5,023
    Quote Originally Posted by Segfault
    I haven't used those little routers lately, some of them may let you impose restrictions. BTW, adding web sites to hosts file will not deny them to access those sites by IP address.

    proxy setup - Google Search
    True... but if you're diligent, and really wanting it blocked, you can also block the IP.
    Jay

    New users, read this first.
    New Member FAQ
    Registered Linux User #463940
    I do not respond to private messages asking for Linux help. Please keep it on the public boards.

  9. #9
    Linux Engineer Segfault's Avatar
    Join Date
    Jun 2008
    Location
    Acadiana
    Posts
    877
    1) Check what websites were visited by each computer. Sort of a history list in the router.
    I think ntop can do it, needs lots of RAM if you want the web interface though. By lots of RAM I mean more than routers usually need.

  10. #10
    Linux Engineer Freston's Avatar
    Join Date
    Mar 2007
    Location
    The Netherlands
    Posts
    1,049
    Quote Originally Posted by nujinini
    I would like to have a certain amount of control over the different computers in our house since we all access the internet by a router.
    How much control you have over what goes in and out of your network differs greatly per router model. But as said above, the most control you get is when you build your own router/gateway from an old machine with two NICs.

    There are more ways than one to achieve this, and by no means is my method the best. But it's an option.

    Quote Originally Posted by nujinini
    Things I particularly want to do are:

    1) Check what websites were visited by each computer. Sort of a history list in the router.
    When you run your own DHCP and DNS this is easy. There are more reasons to run your own DHCP and DNS; it can be mighty convenient in other areas as well. But for this question of yours, just imagine ALL machines in the network will ask you every time they want to do something on the internet to translate URL to IP address.

    It means you will know where they want to go before they get there. And since they are always asking you, you can manipulate the answers as you see fit.

    Quote Originally Posted by nujinini
    2) Block some websites using the same router.
    Possible, yes. Relying solely on DNS as described above is not the best idea, someone savvy enough can figure out how to get around it. So you'll possibly want to block things on the firewall level as well.



    Quote Originally Posted by nujinini
    3) Not to allow some computers to access the internet at a particular time.
    Firewall rules, again.


    Quote Originally Posted by nujinini
    4) And to know if somebody accessed our network without permission.
    Always a good idea. But this is harder than you might think. Do you mean from outside in (attackers) or from the inside out (hitchhikers?). Are you interested in brute force attacks on ssh, ftp, www... I get so many attacks a day I can't monitor them all. Most attacks are random, automated scripts trying their luck on some service ports that have nothing to do with my machine. The only thing that worries me is when they find my ssh port. But that hasn't happened since I changed the port number away from the default.

    Remember that you are running your gateway, so that your network is behind a NAT. If your gateway is safe, then your network is safe.


    Quote Originally Posted by nujinini
    If it's possible, what are the things I should be doing to get started? Should I be downloading any software or anything? Or should I be setting up a server for this?
    A server. I don't think your idea of a laptop will work here, as you'll need two NICs. Unless you want to incorporate a wireless step in the process, but I'd advise against that, both for reliability and security reasons.

    -----------------


    The good news is, it's not that difficult. All you really need is the machine with two NICs, some iptables rules and I find the easiest solution for DNS and DHCP to be dnsmasq (which does both).


    Code:
                                                      +----------+
                                             +--------| machine1 |
        ~~~                                  |        +----------+
      ~     ~                                |
     ~        ~       +--------+        +--------+    +----------+
    ~ internet ~ -----| server |--------| switch |----| machine2 |
     ~        ~       +--------+        +--------+    +----------+
      ~     ~         - IPTABLES             |
        ~~~               - firewall         |        +----------+
                          - nat              +--------| machine3 |
                          - port forwarding           +----------+
                      - DNSMASQ
                          - dns
                          - dhcp



    -----------------

    I understand you only yesterday learned what a NIC and what a NAT is. So the above may be abracadabra to you. Sorry about that. I can explain in more detail, but...

    ...but what's more important atm is the hardware. Are you willing to have a machine running 24/7, and do you have a machine to offer for this purpose, and do you have (or can you get) a second NIC? And you'll probably need a switch too.
    Both are not mighty expensive, but you'll want to consider your options carefully.


    Disclaimer: blah blah no guarantees. And I have no idea how a ready-made parental filter would tie into such a setup
    Can't tell an OS by its GUI
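
The per-computer history (item 1) and the unknown-device check (item 4) discussed in the post above, as an added example that is not part of the original thread: a small parser for the gateway's dnsmasq syslog output. It assumes dnsmasq runs with its `log-queries` option enabled; the log lines, the hostname `gw` and the MAC inventory are constructed sample data.

```python
import re
from collections import defaultdict

# Constructed sample in the syslog format dnsmasq writes when log-queries is enabled.
SAMPLE_LOG = """\
Sep 11 18:01:02 gw dnsmasq-dhcp[812]: DHCPACK(eth1) 192.168.1.10 00:16:3e:00:00:01 machine1
Sep 11 18:01:09 gw dnsmasq-dhcp[812]: DHCPACK(eth1) 192.168.1.11 00:16:3e:00:00:02 machine2
Sep 11 18:02:11 gw dnsmasq[812]: query[A] www.example.com from 192.168.1.10
Sep 11 18:02:11 gw dnsmasq[812]: forwarded www.example.com to 203.0.113.53
Sep 11 18:02:40 gw dnsmasq[812]: query[AAAA] www.example.com from 192.168.1.10
Sep 11 18:03:05 gw dnsmasq[812]: query[A] blocked.example.net from 192.168.1.11
Sep 11 18:03:05 gw dnsmasq[812]: config blocked.example.net is 0.0.0.0
Sep 11 18:07:30 gw dnsmasq-dhcp[812]: DHCPACK(eth1) 192.168.1.57 00:16:3e:00:00:99
Sep 11 18:07:44 gw dnsmasq[812]: query[A] mail.example.org from 192.168.1.57
"""

KNOWN_MACS = {"00:16:3e:00:00:01", "00:16:3e:00:00:02"}  # assumed household inventory

QUERY_RE = re.compile(r"^(\w+ +\d+ [\d:]+) \S+ dnsmasq\[\d+\]: query\[(\w+)\] (\S+) from (\S+)$")
LEASE_RE = re.compile(r"^(\w+ +\d+ [\d:]+) \S+ dnsmasq-dhcp\[\d+\]: "
                      r"DHCPACK\(\S+\) (\S+) ([0-9a-f:]{17})(?: (\S+))?$")

def analyse(log_text, known_macs):
    """Return (history, unknown): names looked up per client, and leases to unlisted MACs."""
    ip_to_mac, history, unknown = {}, defaultdict(list), []
    for line in log_text.splitlines():
        m = LEASE_RE.match(line)
        if m:
            when, ip, mac, name = m.groups()
            ip_to_mac[ip] = mac
            if mac not in known_macs:
                unknown.append((when, ip, mac, name or "(no hostname)"))
            continue
        m = QUERY_RE.match(line)
        if m:
            when, _qtype, domain, ip = m.groups()
            # Key on the MAC when a lease was seen, since DHCP may hand the IP to another host.
            client = ip_to_mac.get(ip, ip)
            if domain not in history[client]:
                history[client].append(domain)
    return dict(history), unknown

if __name__ == "__main__":
    history, unknown = analyse(SAMPLE_LOG, KNOWN_MACS)
    for client, domains in history.items():
        print(client, "->", ", ".join(domains))
    for when, ip, mac, name in unknown:
        print("unlisted device:", when, ip, mac, name)
```

The result lists names that were looked up, not pages that were viewed, and a machine configured to use a different resolver will not appear in it, which is why the post pairs DNS with firewall rules.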
