Google image block instructions in conjunction with opendns?
Hello,
I am not extremely tech savvy when it comes to networking, like most people. Yes, I too am looking to block porn from all devices connected to my network regardless if I have physical administrator control of them or not. Hard wired and wireless. Yes, I have looked all over the internet and this website to find the solution. Opendns cannot do this alone that is understood. The solution for me appears to be a combination of Opendns and a proxy server that intercepts Web searches and automatically edits them to be safe search = strict. However, this setup seems very daunting for me to try and figure out alone and requires a lot of money. The money isn't the issue though. I have Uverse. So, I will need to purchase a NetGear wireless router with Opendns already compatible. (my preference). Then I will insert that between my computers and the Uverse gateway. Disable my Uverse wifi, configure the opendns parental controls and good to go. EXCEPT, what about the google images, etc... I now need to make one of my existing computers or buy a new dedicated computer to be my proxy server. Then I need to set it up and configure it somehow with the already existing opendns configuration above. Which is the best and least expensive way to go about this? How on earth is it accomplished in an easy to follow instruction? So, my main question is can someone with the know how please post instructions, advice and recommendations for how to get all this setup in my scenario and without Uverse for other people? I see everyone saying it can't be done with opendns alone, but everyone wants it to be. Everyone seems to come here looking for the answer. So, could someone please post the solution instructions in detail to help everyone out and put it to rest? I am just a parent like most trying to help my child grow up without porn in their face 24/7.
It's not like when I was a kid the only porn you would see is if the house builders left magazines at the job site or your parents weren't home late at night and you had adult movie channels to watch. Even that was soft porn. Nothing like kids are subjected to nowadays. Thank you!
-
You may not need a Netgear router with OpenDNS LPC enabled at all.
Take an older computer you still have lying around making it a server and equip it with the following applications (examples for Windows):
- A free distro of a proxy server, e.g. http://www.wingate.com/products/wingate/index.php or http://fiddler2.com/
- A free distro of a DHCP server, e.g. http://sourceforge.net/projects/dhcpserver/ or http://www.dhcpserver.de/dhcpsrv.htm
- A free distro of a DNS server, e.g. http://sourceforge.net/projects/dhcp-dns-server/ or http://www.isc.org/downloads/bind/ or one from https://en.wikipedia.org/wiki/Comparison_of_DNS_server_software
Note: You do not necessarily need to install three packages. There are also combined packages like http://sourceforge.net/projects/dhcp-dns-server/
- You configure the DNS server as DNS forwarder to OpenDNS.
- You configure the DHCP server to give out the server's IP address as gateway address and DNS server address.
- You configure the proxy server to filter what you want filtered, by URLs, keywords, object types, whatever you want, including to e.g. force always SafeSearch for Google searches by appending the related parameter to the HTTP request.
- In case of a dynamic public IP address you run an updater on this server too, e.g. http://updater.marc-hoersken.de/
(The official OpenDNS Updater is not suitable for unattended server operation yet.)
- You disable the DHCP server and DNS server/forwarder functionality on the router and possibly block any passthrough for outbound ports 53, 80 and 443.
This easy thing makes it look like a high-end professional security and filtering appliance for tens of thousands of dollars.
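As an added example (not part of the original post, and not code from WinGate, Fiddler or OpenDNS), this Python sketch shows the URL rewrite a filtering proxy would apply to force SafeSearch, and why an HTTPS `CONNECT` tunnel leaves nothing to rewrite. The `safe=active` parameter, the path list, the host pattern and the function names are assumptions of this example.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumptions of this example: Google honours safe=active on these paths, and
# the proxy sees the full URL (plain HTTP, or TLS terminated at the proxy).
SEARCH_PATHS = {"/search", "/images", "/imghp"}
# google.<tld> or google.<sld>.<cc>, with any subdomain (www., images., ...).
# Loose on purpose: a false match only adds a harmless parameter.
GOOGLE_HOST = re.compile(r"^(?:[a-z0-9-]+\.)*google\.[a-z]{2,3}(?:\.[a-z]{2})?$")


def force_safesearch(url):
    """Return url with exactly one safe=active parameter if it is a Google search."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    if not GOOGLE_HOST.match(host) or parts.path.rstrip("/") not in SEARCH_PATHS:
        return url
    # Drop every client-supplied value (safe=off, duplicates, odd casing) first,
    # otherwise the client's own parameter could still be the one that wins.
    query = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
             if k.lower() != "safe"]
    query.append(("safe", "active"))
    return urlunsplit(parts._replace(query=urlencode(query)))


def handle_request(method, target):
    """Classify one proxy request line; returns (action, possibly rewritten target)."""
    if method.upper() == "CONNECT":
        # HTTPS tunnel: the proxy sees host:port only, the query string is
        # encrypted, so there is nothing to rewrite here.
        host = target.rsplit(":", 1)[0].lower()
        return ("opaque" if GOOGLE_HOST.match(host) else "pass", target)
    rewritten = force_safesearch(target)
    return ("rewritten" if rewritten != target else "pass", rewritten)


if __name__ == "__main__":
    # Constructed sample request lines, not captured traffic.
    for method, target in [
        ("GET", "http://www.google.com/search?q=cats&safe=off&tbm=isch"),
        ("GET", "http://example.org/search?q=cats"),
        ("CONNECT", "www.google.com:443"),
    ]:
        print(method, target, "->", handle_request(method, target))
```

The "opaque" result is the case a plain forwarding proxy cannot filter by URL: it either terminates TLS itself or has to rely on a host-level control such as DNS.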
-
rotblitz,
Thank you for the info.
So I assume I would still need a new wireless router that plugs into my proxy server and all the computers in my house and wireless devices will connect to that router correct? So what hardware would I need on the proxy server? How beefed up will it need to be? Is the proxy server going to slow down my service tremendously? What LAN requirements would it need (two ethernet ports minimum), RAM, etc...? Thank you. B
-
"So I assume I would still need a new wireless router that plugs into my proxy server and all the computers in my house and wireless devices will connect to that router correct?"
You didn't mention what your current router is, so I don't know if you need another router, but most likely not. Most home type routers will do it. Depending on your configuration you may still need to give out the router's IP address as gateway address though, not the server's IP address. The proxy server IP address in the browsers would show then the server's IP address.
For WLAN connectivity you can use a router (e.g. your current one) or a WLAN adapter on your server which is capable to serve as access point. Many WLAN adapters support this.
"So what hardware would I need on the proxy server?"
Minimum CPU 1.5 GHz (single core) or 1GHz (dual core), 1 GB RAM, 20 GB disk. That would be good for Windows XP Home or Pro. As I said, it can be a very old but still working computer lying around. See also the requirements for the applications you'll need to install.
"Is the proxy server going to slow down my service tremendously?"
Normally not unless you connect and operate more than 20 devices at a time all using the internet intensively.
"What LAN requirements would it need (two ethernet ports minimum), RAM, etc...?"
RAM covered above. You can connect the server to the router, anyway, with high-speed WLAN or ethernet cable. If the router still serves as your LAN router, you don't need a second NIC.
If you want the server to action as router, you'll use a WLAN adapter with access point capability for wireless and a switch at a second NIC for the hardwired devices. You'll also install a free distro of a software (virtual) router on the server, see
https://startpage.com/do/search?q=router+software+windows+free
-
rotblitz,
Do you think it would be possible to use a free or paid cloud proxy instead of my own? Pros Cons?
Please look at the attached drawing and see if I understand the configuration properly.
What should the security (firewall, etc...) settings be on the devices?
Thank you, B
Preliminary Config 1.jpg
-
"Please look at the attached drawing and see if I understand the configuration properly."
Yes, the principles are right. But let's talk about this new "Wireless router":
It must not have port 53, 80, 443 blocked, else the proxy/DHCP/DNS server cannot be reached too. And the ports do not need to be blocked, because there is no direct internet access from this router.
Because you have DHCP and DNS server on this router too, you may not need these on the proxy server at all. See if you can configure a static DNS resolver address on the "WAN" side (direction proxy server) of the router which would be the proxy server's IP address. To configure it on the LAN side could work too. The router's DHCP server propagates the router's IP address as gateway address (anyway - must be) and the proxy server's IP address as DNS server address.
On the proxy server you do not necessarily need a DNS server, the dnscrypt-proxy (http://dnscrypt.org/) installed on the server would already do, configured to listen on the server's IP address and forwarding to OpenDNS directly.
"What should the security (firewall, etc...) settings be on the devices?"
Nothing special, as far as I can think of. You don't open any additional holes with this configuration.
"Do you think it would be possible to use a free or paid cloud proxy instead of my own? Pros Cons?"
Sorry, I do not have any experience with such a 3rd party service, so don't want to comment. Someone else maybe?
-
rotblitz,
Is this what you mean? (see attached)
Thanks, B
Preliminary Config 2.jpg
-
rotblitz,
Just to clarify for me I would install the following on the proxy server:
- A free distro of a proxy server, e.g. http://www.wingate.com/products/wingate/index.php or http://fiddler2.com/
- A free distro of a DNS server, e.g. http://sourceforge.net/projects/dhcp-dns-server/ or http://www.isc.org/downloads/bind/ or one from https://en.wikipedia.org/wiki/Comparison_of_DNS_server_software
OR
- The dnscrypt-proxy (http://dnscrypt.org/) installed on the server would already do, configured to listen on the server's IP address and forwarding to OpenDNS directly.
I was reading on the DNSCrypt and it mentions something about not being a DNS Cache. Does this mean it will be slower than using the DNS Server software because it will have to resolve the DNS&IP every time instead of keeping a cache?
I think I understand it pretty well.
I may need help configuring the INI files and such, but this looks like a good solution.
I will post here again when I get the new hardware.
Probably just start with the new wireless router and switch then add the proxy last.
Thanks,B
-
Yes, with your last diagram you'll be installing a proxy server. For DNS you use either the dnscrypt-proxy or a DNS server.
"I was reading on the DNSCrypt and it mentions something about not being a DNS Cache. Does this mean it will be slower than using the DNS Server software because it will have to resolve the DNS&IP every time instead of keeping a cache?"
Not really. You didn't have a DNS cache until now, so why now worry about it? The DNS caching takes effect also on the local end devices with their local resolver cache.
"Probably just start with the new wireless router and switch then add the proxy last."
You cannot use this router for internet connectivity before you have installed the proxy unless you configure special routing to your Uverse Gateway.
-
rotblitz,
To start out with I was going to just get opendns up and going because I will need more time to build a proxy server.
I was going to use the same setup as the last configuration except go from the Uverse Gateway directly to the wireless router. The wireless router DNS will point to OpenDNS.
This should be all I need to get OpenDNS going correct?
I will be getting the Netgear R6300v2 and Netgear GS116 Prosafe switch today.
Thanks,B
-
"The wireless router DNS will point to OpenDNS.
This should be all I need to get OpenDNS going correct?"
Yes, this should work. Don't forget the Updater running somewhere within your network.
"I will be getting the Netgear R6300v2 and Netgear GS116 Prosafe switch today."
Will you be using the Netgear R6300 with LPC enabled? Not sure, but this may not work behind the Uverse Gateway and may work even less behind a proxy server going further. LPC works pretty much different if it comes to features like content filtering. Therefore LPC uses a different dashboard and locally running programs, you get no DNS stats, and you don't run an Updater.
http://www.opendns.com/support/article/125
-
rotblitz,
I got OpenDNS working with my R6300 & Uverse 3801.
Here is what I did:
Firstly, I followed these instructions -
There is no true bridge mode on the 2Wire routers. However, you can still configure it such that almost all functions of your own router will work properly.
1. Set your router's WAN interface to get an IP address via DHCP. This is required at first so that the 2Wire recognizes your router. (Already set this way by default on R6300)
2. Plug your router's WAN interface to one of the 2Wire's LAN interfaces.
3. Restart your router, let it get an IP address via DHCP.
4. Log into the 2Wire router's interface. Go to Settings -> Firewall -> Applications, Pinholes, and DMZ
5. Select your router under section (1).
6. Click the DMZPlus button under section (2).
7. Click the Save button.
8. Restart your router, when it gets an address via DHCP again, it will be the public outside IP address. At this point, you can leave your router in DHCP mode (make sure the firewall on your router allows the DHCP renewal packets, which will occur every 10 minutes), or you can change your router's IP address assignment on the WAN interface to static, and use the same settings it received via DHCP.
9. On the 2Wire router, go to Settings -> Firewall -> Advanced Configuration
10. Uncheck the following: Stealth Mode, Block Ping, Strict UDP Session Control.
11. Check everything under Outbound Protocol Control except NetBIOS.
12. Uncheck NetBIOS under Inbound Protocol Control.
13. Uncheck all the Attack Detection checkboxes (7 of them).
14. Click Save.
(This process changed my router to 10.0.0.1 which is fine because I don't need to access anything plugged directly into the Uverse gateway.)
Your router should now be able to route as if the 2Wire was a straight bridge, for the most part.
Inbound port 22 might be blocked, and inbound ports 8000-8015 might also be blocked, and there's nothing that can be done about it.
This is how I have my 2Wire configured, and I have a Cisco 2811 behind it doing IPSec, IPv6 tunnels, etc.
(Thanks to SomeJoe7777)
Secondly, I disabled the wifi on the Uverse gateway by going to the Wireless section and choosing disabled.
Thirdly, I entered in the OpenDNS server information into the R6300 under Internet settings.
That's all. It works great with OpenDNS.
All is fine except the R6300 signal range is very poor.
I am hoping it is just a filing cabinet I have in the way, but right now it is no better than the Uverse wifi at this point.
5G doesn't make it but 20ft and 2.4G probably around 40ft.
I will update again when I get the proxy server ready to install.
Thanks for your help!
-B
-
FYI: There's a new breed of routers that deal with the incognito loophole! They appear to implement something like option 3 described in this link: (https://support.google.com/websearch/answer/186669?hl=en), and make it real easy. I found three: 1) Kibosh (www.kibosh.net) 2) Blocksi Router (http://www.blocksi.net/parental-control.php) and 3) pcWRT (http://www.pcwrt.com/).