Protect Kids online proxy

[tomcoleman]

hi all,

im looking to setup a Man in the middle, home DNS, proxy any of those really.

My kids are starting to use the laptop at home to do homework etc.

Ive found ways to filter, DNS block (openDNS etc) but need something more granular

I need to be able to block "keyword searches" and see what they are typing into google/bing.

I cant install software on the computer as its Windows 10 S edtion and we want to keep it that way.

Can anyone recommend a good opensource, nice gui etc porxy/firewall/DPI peace of software?

Or im i doing this the wrong way/method?

No problem setting things up in shell/cmd etc but dont want tons of information to go through every day something niceley presented.

I looked at pfense with ntop but doesnt seem todo the DPI / reporting part.

We use smoothwalls at work which seem nice, but the opensource version hasnt been updated since 2013 and very dated.

 

[Nikumba]

Put something like a pfSense box between your router and your network

 

[tomcoleman]

Put something like a pfSense box between your router and your network

did you read my post....

 

[chrcoluk]

For intercepting things like google search you will need a network wide proxy like squid, perhaps combined with squidguard which works of course with pfsense.

you could also make their connectivity in a walled garden type thing so e.g. only on ports 80/443/53 etc. Depends how extreme you want to go.

Actually blocking specific searches is obviously way more diffilcult tho, but using specific filter lists with squidguard tho whilst you may not be able to block the searches you may be able to block what happens when clicking on those search results (the actual websites from loading). There is some very extensive squidguard filter lists out there.

 

[tomcoleman]

For intercepting things like google search you will need a network wide proxy like squid, perhaps combined with squidguard which works of course with pfsense.

you could also make their connectivity in a walled garden type thing so e.g. only on ports 80/443/53 etc. Depends how extreme you want to go.

Actually blocking specific searches is obviously way more diffilcult tho, but using specific filter lists with squidguard tho whilst you may not be able to block the searches you may be able to block what happens when clicking on those search results (the actual websites from loading). There is some very extensive squidguard filter lists out there.

ok so pfense + squid + squidguard ?

and that can intercept HTTPS and display in a nice format searches & do keyword blocking? ?

 

[chrcoluk]

squid and squidguard are official packages in pfsense so point and click to install, however the configuring I havent touched on yet, so that side someone else can explain or its reading the documentation. lists can be found here. It can intercept https.

http://www.squidguard.org/blacklists.html

There is also pfblockerng (use the dev version) which has a massive point and click filter list capability as well, and that has the benefit of been entire network wide not just web browsing.

As I Said tho keyword blocking is probably going to be extremely difficult.

 

[tomcoleman]

thanks i'll have a look

 

[Armageus]

Or im i doing this the wrong way/method?

I'll be that guy and disagree - it's more of a parenting issue than a technology issue:


Education/Trust is a much better method imo. (Coming as a parent of 3 boys 9-15)

What actually is the issue?
If it's adult content, then OpenDNS is the easiest method. If it's malware, phishing etc, then pihole or pfblocker and some decent blocklists will help.

Restricting what can be viewed works to some extent in your house, but doesn't solve issues when your children have a mobile phone, go round a friend's house etc.

For our 9 year old, he only uses a PC in the living room, and we regularly ask him what he is doing on his Tablet, and what videos he is watching on Youtube on his smart TV.

Even with older kids, building trust is important - regularly ask them what they've been viewing, and if you can take an interest in what they are doing.
If you want to check their history etc, then ask them first if you can (e.g. give them the opportunity to own up first before punishing).



Equally most of the above applies to internet usage at work - although in the case of problem users, we just provide evidence to their managers/HR and let them deal with the problem.

 

[SMN]

Slight tangent, has anyone had any success setting the HTTP Proxy as a DHCP option? I'm using Unifi at home and this has got me thinking if i can have a seperate squid proxy (with squidguard et al) set for anyone joining the kids wifi/kids VLAN which has its own DHCP Server.

 

[chrcoluk]

I have that setup. Not specifically for kids but for a guest wall gardened network.

What I did.

Brought a device to run openwrt as a wifi access point.
Configured pfsense.

So openwrt supports VLAN management on many consumer wifi routers. I am using an archer C7.
I setup 2 wifi networks on each AP, referred to as virtual access points.
One wifi network goes to one VLAN and the other goes to another VLAN.
Each VLAN has its own virtual switch, and own DHCP server, and own LAN subnet.
One VLAN is full access, like a normal LAN, the other has no access to the default LAN subnet (so wouldnt be able to access windows network shares etc.), limited internet connectivity, and lower priority on QoS. Also the full LAN AP is hidden, so need to know the name to try and use it.

To make this work I also had to configure VLAN's on my pfsense unit as well.

 

[morbid42]

Its very simple - Block all websites and whitelist domains over time - school url\learning resources etc This is more feasible as they are younger, and also give you parent\child time.

Yes youd need spend more time doing it but is the most robust route

 

[LabR@t]

I have successfully used untangle on my home network for a number of years, £4 a month and I get detailed reporting, different policies for users, time of day etc.
I can block all proxies, vpn's etc. Highly recommended.

 

[MonkeyBasher]

You could probably do a lot of this with a cheap PI and PIHole.

Using a decent DNS setting and updating a good set of lists in PIHOLE will block >90% of the traffic you don't want.
For the rest you can just check using the GUI once a week and add the nasties to you local blacklists.
Add the edu sites to your whitelists and you are good to go.

The only thing I suspect it will not do is search logging / keyword blocking which as above may not be actually what you want anyway.

 

[LabR@t]

Untangle utm

 

[mattbel66]

It's good that you want to keep Win 10. It is better for children to use the latest version of the operating system, so they will be on a par with the progress. I had something similar to your list for children and I can say that https://help.proxies.com/hc/en-us/articles/360061543293-Firefox handles it pretty well. It will be much more modern than what you used from 2013. I doubt that that software could have done any of what you wanted. Now there are much more effective extensions that work right inside your browser. Anyway, I think that you will like this option.

 

[smogsy]

We have a 10 year old Daughter,
Android - Family link + Pihole
Windows - Microsoft family safety (block sites ,screen time etc) + pihole

Or
you could try QUSTUDIO, they send you a daily weekly report of what apps are being used & websites visited, worked very well & for most part its free. it was very good when we used it, but didnt need what it offered as for the most part she is trustworthy
However found Microsoft FAmily Safety + PIhole enough for our needs

https://www.qustodio.com/en/
https://www.qustodio.com/en/
you get s0omething simlar to the following via email or via the app

you can then dig in deeper if required

 

[chroniclard]

Microsoft family, open dns. All free.