can I set my netgear to have a time block? example: 8pm to 5am?
time restriction
-
I should clarify: I'm not using two routers. I'm using a single Netgear 4500. It lets me set wifi enable/disable timers per band. So the N band runs 24/7, the G does not. Unless he gets into the admin on the router or hard-resets the thing, there's no way around it (except for LAN which I mentioned, but that would require him to run to the router, plug stuff in, etc and so forth). I've not bothered to see if i can disable the ethernet ports and force a wifi connection.
-
OK one more post ... this one is a bit of fun "what if" for me. So bear with me.
If the goal is to lock kids only out between x-y .... while leaving the adults functional then with a WNDR4500 you have the following options:
1. Head into advanced --> Advanced Setup --> wireless settings. From here turn off the 2.4GHz frequency by schedule. Leave the 5Ghz freq running 24/7.2. Head into Advanced --> Setup --> wireless. From here you can give each frequency a unique SSID and password. Now only hand out the 2.4GHz band.
3. Head into Advanced --> Security --> Access Control. Here you can enable access control then set to "block all new devices form connecting" then whitelist the MAC of the devices you want to permit. Doing this will prevent him from switching from wifi to hardwire (because it will change the mac address) to bypass your internet access.
That should really do it. Only way around it would be to hard-reset the router at that point (or if he guessed your admin password). OK one other way: if he physically unplugged your router and plugged directly into the cable modem/whatever it is you get service from. At that point he'd knock the whole house offline so it should be pretty obvious. -
@guerrid I agree, maintaining any sort of control of your network is difficult if you can't also control physical access to the device *and* where it plugs into. Aside from being able to lock things away a business can also fire employees who attempt or succeed at circumventing security or make unauthorized changes to the network infrastructure. You don't really have that option with a family.
Getting a new router from AT&T or another source won't really make much of a difference since each router generally has the same default password for the entire run of a model, and sometimes for all models that they make. You probably don't have much of an option there. Some 3rd party firmware for parties allows you to control a little of how the reset button behaviours, but you usually can't control or disable it entirely. One option would be to open up the router itself, and with a pair of wire cutters cut one of the leads to the button if you can, or in some other way physically disable or destroy it. If it's an AT&T router they might not like that though, and if it's one that you bought on your own, if for some reason you can't get into the management interface you won't be able to reset it if you need to also.
Depending on how your house is wired you could also try moving the modem and router or routers into your bedroom or some other place where kids aren't likely to be or to be messing about with them, but that's not really a solution, just a way to make it harder for them to do things you don't want them doing.
@king_family
There isn't such a thing as an "N" or "G" band, at least when it comes to WiFi. The letters actually refer to the WiFi spec, in this case 802.11g and 802.11n. There is also a, b, and now most recently ac. B & G operate on multiple channels in the 2.4 GHz range, while N can operate in both the 2.4 GHz and 5 GHz ranges. I can't remember since it's so uncommon now, but I think A operates at 5 GHZ, and I think ac operates in both 2.4 GHz and 5 GHz but I have worked with it yet. Most 802.11n routers allow you to control the 2.4 GHz and 5 GHz bands separately, with for instance different SSID's, encryptions methods, passphrases, etc. You can even turn them on and off independently of each other. I generally configure them the same so that a device can use whichever works best for it, but there are advantages to keeping them separate, such as with what you're doing.
I do like that you're able to set separate timers for each radio. I'm not sure I've ever seen that before, but even if I had I probably wouldn't have take note of it since I rarely need that kind of capability.
You might be able to disable the Ethernet ports, but just like everything else, if someone is able to use the reset button they'll be resetting that at the same time as they are resetting everything else.
I wouldn't even bother trying to control access with the MAC address since it's trivial to spoof that on just about any modern device. I don't use MAC addresses for security of any sort, but I do use them with DHCP to assign addresses just to make it easier for me to recognize devices on the network if they are using a consistent address. It's not perfect since spoofing is possible, it's mainly for my convenience and ease of use.
There is another way around it, though it would require spending money or in some other way acquiring another router. That router could then be connected to the existing router, or between the ISP's "modem" and your router. A clever person could "obscure" it so that it wouldn't casually be noticed, but if for any reason you're looking closely at things or tracing wiring it would be pretty easy to find.
-
This thread applies to OpenDNS if router manufacturers read this thread because they are looking for requirements for a new router they might be building that they might decide should include OpenDNS and other features people who use OpenDNS might be looking for that OpenDNS can't fulfill. I've noticed that very bright people can often be overly focused (which could also be called narrow minded) such that they sometimes miss the forest for the trees.
-
"if router manufacturers read this thread because they are looking for requirements for a new router"
What an ideal world you live in! I do not think this is going to happen quite often. They at most look into their own forums if at all...
Else we would not find so many broken routers on the market... -
- Yes, you are absolutely right there. Companies certainly do seem to have a way of ignoring their customers' needs. I do try to keep my idealism through it all. There's no reason to think that someday companies won't actually listen to and, (if you really want to hear some idealism) pay their customers and others for good ideas. I call it Microroyalties. I actually have a company started (Microroyalties, LLC) to try to help that happen!
-
I don't know what it's like in the US but I know here in Dublin, Ireland if I rolled up to a parent's meeting at any school with a router preconfigured with two SSIDs, one for adults and one for children, with preset time blocks that could be changed, I'd sell hundreds of them. Complete with key that hides factory reset button. -
I'm not sure what the "this" is that isn't working with your router, but that's a router issue, it has nothing to do with OpenDNS.
If that's a feature you wanted you probably should have made sure it was supported before you bought the router. You might still be able to return it and find a router that suits your needs.
-
One more tidbit that my son and I discovered today. If he already has a connection established, the "block services" feature will not break an established connection. It will only be blocked when he/she tries to re-establish the connection. So you may have to make sure the kids turn off their computer each night, or you could unplug the router at the appointed time so the old connections are broken. Router companies: here's another bug for you to fix!
Most importantly, however, is that we now have enough control that he seems to be resigned to the fact that these controls are here to stay and they are for his own benefit, until he is mature enough to establish priorities for himself without my help. I'm glad we finally got this all figured out, and he seems to be onboard with it and hopefully will no longer waste time trying to figure out ways to get around it. He might have realized that his time could be better spent doing his homework, and we'll all be much happier.
-
By the way, his HP tablet on T-Mobile runs out of data at 250 MB, so tethering only lasts so long, unless he gets a job to pay for more data, which would be fine with me. He did admit to tethering to my tablet the other night, however. So I had to change my pin on it. I am impressed that he actually told me he did it though. He may be crafty, but at least he's honest. That's pretty OK in my book.
-
What about day-of-week customization? https://support.opendns.com/entries/21809639-Add-a-day-based-filtering-feature- implies that this is already possible. Not so, as far as I can tell on the R6100 nor in NetGear LPC. I swore it used to be there until I did a firmware upgrade and now it's not. Am I imagining things? Is there another NetGear router that has this feature? Could we please have the comments reopened for the above idea bank thread, so people can continue to vote for it and comment? It is really a separate issue from this thread, is it not?
-
One more thing. I called AT&T and they promptly (overnight, next day) sent me a new U-Verse router with a different default access code so I was able to write that down privately and then obliterate it so my son couldn't read it off of the router. Returning the old router was a snap. Didn't even have to do any of the packing. Just took it to a UPS Store as instructed and they did all the work at no charge. Just handed them the router and power cable and they did the rest. Nice teamwork, UPS!
It would be nice if NetGear would do something similar, rather then making the default code "admin" that can be returned by doing a factory reset on the router. I have impressed upon my son that consequences will be severe if he does that, but others may not be so lucky, especially if they are asleep or away from the home for an extended period. At this age, a normally honest kid can easily be overcome by temptation, I'm afraid.
-
Regarding the customized default passwords on routers, AT&T is a services company that has an ongoing relationship with it's users. Their entire process is designed around tracking customized and personalized information for a customer, and since those customers are paying them on a regular basis, the additional cost and overhead of the customization is covered by those ongoing service fees.
Netgear is in the business of making and selling hardware to multiple markets in a retail manner. In other words, once it leaves their factory they often have nothing further to do with a unit, and when they do, most of it is generic tech support issues. Tracking a customized admin password for it would be expensive, something they could not recoup their costs on without raising the costs, and in most cases is simply not needed and would never be referenced by them or any of their customers.
And since their is no ongoing relationship with a customer, as soon as a device changes hands without that password also being provided (especially if the sticker had been obliterated) they are going to incur support costs to talk with a customer and get them the information. Considering the price of these devices, any time they handle even a single support call, they've lost their entire profit on that device and go into the red. Unless they raise the price or somehow can charge subscription fees they have every incentive in the world to keep things standardized and the same, and to keep their support costs as low as possible.
-
You're more than welcome to suggest it to Netgear or AT&T yourself, but generally when it comes to a service that provides another vendors hardware to it's customers, it's the service that initiates the process, not the hardware vendor (other than their usual marketing processes). That being said, suggesting what either company should do won't have much weight discussing it in another company's support forums. You'll have to search out their forums, email, or phone numbers and do the suggesting there. They really are not reading OpenDNS support forums to get ideas for their own products or offerings.
-
You should start a new thread to discuss IPv6 so that it get's more attention. You should also consider opening a support ticket specifically talking about IPv6 (and only IPv6). I did that recently and had a good exchange with the support people. The long and the short of it is that it's planned, but no ETA, but that they want more feedback. Basically that means the more they hear from customers, especially in formal support tickets that get tracked by category (hence why it should mention only IPv6) the more attention it will get, perhaps to the point of even prioritizing more resources towards it.
Until then your only option is to disable all IPv6 on your router so that no traffic goes to the internet via IPv6. Plus, if any devices have IPv6 domain servers configured for them they should be removed to make sure that no requests go out for AAAA look-ups even if the DNS lookup itself can only go out via IPv4.
-
I've actually done both of your suggestions already about 1-years ago. I actually filter outbound port 53 so they are basically forced to use the DNS supplied by the router which then blocks IPv6. That way only IPv4 addresses will ever be resolved and there's no easy way around it (can't statically add DNS servers).
Maybe it's time to open another thread and ask for an update (I want to say I had a tech call open about a year ago initially trying to figure out why filter was being ignored ... the root cause was IPv6 based DNS: opendns was IPv6 DNS serves ... but their own products don't work with it). -
DNS servers, whether IPv4 or IPv6, can host both A and AAAA records, so a DNS lookup can easily return an IPv6 address, and (depending on settings) often will since IPv6 is generally the default over IPv4. OpenDNS can and does return AAAA if they are on the authoritative DNS server for the domain since that's how recursive DNS is supposed to work.
I'm not sure what you mean by blocks IPv6 but unless you have IPv6 explicitly disabled on your router you have the potential for leakage. I very deliberately have IPv6 configured to the internet, and am well aware that an increasing portion of my traffic is not being filtered by OpenDNS, but that's one of the reasons I don't roll-out internet based IPv6 to my clients yet.
Yes, it is time to open another thread, that's why I mentioned my support ticket. Basically OpenDNS is asking for feedback and input from users regarding IPv6, and the only way that happens is with a separate thread for IPv6 or a support ticket solely asking for IPv6.
-
@guerrid
"If he already has a connection established, the "block services" feature will not break an established connection. It will only be blocked when he/she tries to re-establish the connection."Generally, this is not a new insight and has been raised before here, but this behavior is necessary based on the facts how OpenDNS works. Only if a new DNS lookup is needed, then new settings can work. An existing open connection does not require a DNS lookup, therefore the changed settings are supposed to not take effect.
"Router companies: here's another bug for you to fix!"
You're right, this is totally out of scope of OpenDNS, but solely a router function. You'll want to raise this with Netgear as suggested by mattwilson9090, to cut every connection when a time based settings change is due, so that the settings can take effect also for existing connections.
-
Yes, for some time, we were aware that the OpenDNS Live Parental Controls had this limitation but it also works this way for the schedule on the router that blocks all ports for both UDP and TCP. I believe that level of blocking does not involve DNS, yet the existing connections are allowed to remain after the appointed scheduled block time. I appreciate your letting us discuss a broad range of features and functionality under the topic of Internet Parental Controls, even if some of the features aren't directly related to OpenDNS. It is kind of you to let us have this discussion in what I consider more neutral territory where we can talk about a variety of routers and their available features.
If/when someone does start a discussion about IPV6, I hope they will add the link here for easy reference. I found an IPv6 setting for the R6100 under "advanced setup" called "Internet Connection Type". I have it set to "disabled". I wonder if that means IPv6 is disabled. The manual is not very clear. It does not explain what the "disabled" option gets you.
-
"I believe that level of blocking does not involve DNS"
This relates to everything depending on the blocked ports and includes to generally block DNS traffic as well if port 53 is impacted. But also this kind of blocking does most likely only take effect in case a new connection is tried to established. It doesn't (and cannot) break an existing connection/session. Blocking has nothing to do with breaking.
"I appreciate your letting us discuss... It is kind of you to let us have this discussion..."
I think there's a misunderstanding. We're all users like you and don't have to permit or to forbid anything. The last staff member message on this thread was on October 14, 2014. You clearly see who OpenDNS staff member is from the Avatar title saying "OpenDNS" below the full name.
Please sign in to leave a comment.
Comments
70 comments