OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of deuch »
  • Show Posts »
  • Messages
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Messages - deuch

Pages: 1 2 [3]
31
Web Proxy Filtering and Caching / Re: Setup for children protection
« on: June 04, 2023, 11:27:36 pm »
Hello,

I can use a port for the WAN (0), a port for the Ethernet stuff (1) and a port for the Wifi AP (2) if needed.

On the AP I can set up a guest wifi network for kids, but it stills keep the same IP range than other wifi device.

So i do not know how to secure my setup to avoid my kid bypass the security (random Mac address, hard coded DNS etc ...).

If you have idea to secure kids stuff, I'm listening  :)

How zenarmor can help me to achieve this kind of setup ?

Thank you !

32
Web Proxy Filtering and Caching / Setup for children protection
« on: June 04, 2023, 10:50:33 am »
Hello all,

I'm new to opnsense and I will receive my hardware (N5105/8Gb RAM, 256GB SSD with 4 I226v) in a few days an I've got some questions about my future setup.

I've an internet fiber connection at home with a ONT. OPNSens will replace my actual modem and will act as router.
I've got a Asus XT8 Wifi router that will act as Access Point only. I've many Ethernet device connected on multiple switch too.

The idea of what I want to achieve :

- 1 WAN for internet
- 1 LAN for the rest (of course  :))

I would like to cut the subnet of the LAN in 3 parts let say :

- 192.168.1.2 -> 192.168.1.30 -> Fixed IPs for NAS and fixed stuff (computer etc ...)
- 192.168.1.31 -> 192.168.1.220 -> DHCP IPv4 classical
- 192.168.1.221 -> 192.168.1.254 -> Only use for the kids wifi device

Basically what I would like to achieve is to use standard DNS like CloudFlare (1.1.1.1/1.0.0.1) for the 2 first subnet, and a special one (let say ad-guard public DNS or a AdGuard Home) for the subnet for the kids and apply filtering, parental controls etc only on this part of the subnet.

How can I achieve that ? With MAC filtering (if exist in OpenSense) ? To ensure that kids device goes to the dedicated subnet ? If they change on their device to use a private/random MAC, how can i ensure that it will stay in the kids subnet ?

How to ensure that kids can not override DNS servers directly in the device ? And how to bypass the hard-coded dns servers in some apps (route/firesall rule maybe) ?

Sorry if some of my questions are dumb, but I would like to set up something at least robust  :)

Maybe I can do it with VLAN, but can I make the difference between my kids phone and my phone at the Wifi AP+OPNSense to put them in the right VLAN ?

Thanks for the help and patience !



Pages: 1 2 [3]
OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2