Do you need internet filtering for your entire home LAN? Do you want to rid your entire family of internet porn? Even your mobile devices that connect to your WIFI hotspot? For FREE?
Well, I found a great solution with awesome benefits that secures your entire LAN instead of working on a per-computer or per-browser basis. On my LAN, I have 1 Mac, 2 laptops, 2 Linux boxes, 1 Xbox and 3 iPhones on my network at any time. The solution works by customizing your home internet router so that it becomes the primary means of securing the network.
Here are my original goals:
- Eliminate all internet pornography from entering my home
- Centralized securing mechanism
- Ability to lock ALL computers with a pulse (or an IP Address)
- Preferably Free
- Not a browser based solution.
- Not a single computer based solution.
- Can’t be circumvented by the savvy teenager
Many of the solutions that I found were either browser-based or computer-based. These have the following drawbacks:
- Each machine can easily have another browser, which requires MORE configuration and maintenance.
- New Computers on the LAN will need more configuration to be secure.
Before reading my directions below, I’d suggest reading through the OpenDNS Basic Setup page first.
Why implement such a broad solution for your home?
- Does your child / teenager have a laptop?
- Is the computer in an open area where you know exactly what website they are on?
Research and Statistics on Pornography
Here are a few quotes for you, which will hopefully lead you to attempt setting this up at home:
- 9 out of 10 children between the ages of 8 and 16 have viewed pornography on the Internet, in most cases unintentionally (London School of Economics, January 2002).
- Largest consumer of Internet pornography: 12 – 17 year-old age group (various sources, as of 2007).
Here are some great sites where you can learn more, based on my research:
The Easy Configuration:
This configuration is intended to be generic rather than a complete solution for every single router on the planet, but it will get you started in the right direction. I have an ASUS router with custom firmware from http://dd-wrt.com/. It allows complete control over anything on my router. I wouldn’t advise this for the average user: you can easily brick (permanently destroy) your router if it is flashed improperly.
Here’s what I did to configure my router to make this happen:
- Create an account on http://opendns.com/. This will allow you to modify / add DNS server entries into your router. They also have some slick advanced solutions to update a domain name with your dynamic IP address for hosting services on your computer at home.
- Log into your home router. In many cases the address will be http://192.168.1.1/ or http://192.168.1.254 or something like that.
- Go to the LAN section that contains the DNS server entries. This is vague, but it is intended to apply to any router.
Here’s a screen shot of my admin screen:
The primary changes are the DNS 1/2/3 entries: DNS 1 and 2 point to the OpenDNS servers. The third one is the most important (IMO). It is an IP address at which no DNS server exists. Basically, if the router can’t reach DNS 1/2, no DNS entries will be served up to your LAN. If you leave the third entry at the default of 0.0.0.0 and OpenDNS 1 and 2 aren’t available, the DNS entries will be served up by your local ISP, which will not be content filtered.
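The following Python check is an added example, not code from the original post: it audits the three static DNS entries for the ISP fallback described above. The OpenDNS resolver addresses and the `192.0.2.1` dead-end placeholder are assumptions, since the values in the screenshot are not available.

```python
import ipaddress

# OpenDNS public resolvers. Assumption: the post's screenshot is not available,
# so these well-known addresses stand in for the author's DNS 1/2 values.
OPENDNS = {ipaddress.ip_address(a) for a in ("208.67.222.222", "208.67.220.220")}


def classify(entry, dead_end):
    """Label one static DNS slot from the router's settings page."""
    try:
        addr = ipaddress.ip_address(entry.strip())
    except ValueError:
        return "invalid"                 # blank or malformed slot
    if addr.is_unspecified:
        return "isp-fallback"            # 0.0.0.0: the ISP's unfiltered DNS gets used
    if addr in OPENDNS:
        return "filtered"
    if addr == ipaddress.ip_address(dead_end):
        return "dead-end"                # deliberate placeholder that answers no queries
    return "unverified"                  # some other resolver; filtering not known


def audit(slots, dead_end):
    """Return (ok, findings) for the DNS 1/2/3 slots, in order."""
    labels = [classify(s, dead_end) for s in slots]
    findings = [
        (f"DNS {i}", value, label)
        for i, (value, label) in enumerate(zip(slots, labels), start=1)
        if label not in ("filtered", "dead-end")
    ]
    if "filtered" not in labels:
        findings.append(("all", "", "no-filtered-resolver"))
    return (not findings, findings)


if __name__ == "__main__":
    # Constructed sample values; 192.0.2.1 is a documentation address (RFC 5737)
    # used here as the hypothetical dead-end placeholder.
    hardened = ["208.67.222.222", "208.67.220.220", "192.0.2.1"]
    default = ["208.67.222.222", "208.67.220.220", "0.0.0.0"]
    for name, slots in (("hardened", hardened), ("router default", default)):
        ok, findings = audit(slots, dead_end="192.0.2.1")
        print(name, "OK" if ok else "FAIL", findings)
```

Replace the sample lists with the values shown on your own router's DNS settings page, and pass whatever placeholder address you chose as `dead_end`.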
This is almost exactly what I did to configure my router, but scaled down a bit for the intermediate guy figuring this out. I also implemented the DNS-O-Matic solution to update my dynamic IP address to a domain name. This allowed me to host some upcoming solutions, such as a WebDAV server and an Apache server that forwards to a Java stack for a Grails application I’m working on. That’s on the nerd / techie side of things, so it’s not covered here.
Here’s exactly what I did on this page: http://dd-wrt.com/wiki/index.php/OpenDNS#Basic_Setup
Here are a few other alternative solutions that are possible as well. Some of them offer free software downloads. These may require installing software on various home computers, though, which was one of the reasons why I chose a router-based solution.