UnRaid Server as an internet firewall/router/thing?!


darkcyde


Hi

 

I'm not sure of the correct terminology here, so I will just explain what I want to do...

 

I'm about to introduce my kids to the world of desktop computers and the internet, but I want to control what they do, and be able to see what they do.  Ideally, I'd like to blacklist/whitelist websites, so that EVERYTHING is blacklisted to them, and if they want to access something, they have to ask me to verify the site, and then add it to a whitelist.

 

So I'm thinking of trying to use the server as a portal to the internet, so all traffic routes thru the server - at the moment I just have a standard home network.  I don't think just doing it to their machines would be enough, as I'm sure if they are anything like me they'll work out how to get around any local settings and undo the block, so it would have to be set so that if they didn't route through the server, then they'd get nothing at all.

 

My server has at least two NICs, maybe 4, so perhaps I can route the network from the Internet Router, to the server via one NIC, and then from the other server NIC to the switch and then onto everything else.  I also use a Ubiquiti WiFi access point for wireless devices, so that can also sit behind the server.

 

Am I thinking too much pie in the sky, or is any of this possible?  Or does anyone have any other suggestions on how to protect kids from the perils of the internet?  In this day and age, just not letting them on isn't really an issue, and I don't want to restrict their learning.  I'm ok with an all or nothing solution, so all our devices have to have the same routing.

 

Thanks in advance!

Link to comment

Unraid doesn't do what you want out of the box, but depending on your hardware you may be able to set it up that way.

 

However... what you are asking to do is pretty advanced, and the fact that you are asking the question at all leads me to believe you don't currently possess the skill set to pull it off. You will need to settle in for some education, trial and error, and a lot of failure at first. If this sounds good to you, and you love learning and expanding your abilities, then go for it. If you just want to push a button and have it done, don't even bother heading down this road.

 

pfSense is one way to get where you are going, and it has a couple benefits right off. It's free software, and it runs perfectly fine (for now) on older hardware as a standalone, and when you get comfortable with it, you can make the leap to hosting it on your Unraid server, if your server hardware allows it.

 

Search for SpaceInvaderOne's YouTube channel, he has several tutorials on pfSense with Unraid.

Link to comment

No, I wasn't expecting it to be straightforward, and I'm totally up for learning - I've recently upgraded from a pilgrim desktop PC being used as a server, to a fully rack mounted enterprise grade server running UnRaid, which took some learning.

 

I'm not a total noob and am quite technically minded, but this aspect is totally new to me - when I said I don't know the terminology, I just didn't want to muddy the waters by trying to guess the correct terminology and sending people up the garden path and generally confusing things.

 

Since posting this I've found pfSense and SpaceInvaderOne's videos and am watching them now.  It sounds like it does exactly what I want, but I'm not sure I have the hardware as my current ISP supplied router (Vodafone) has the WAN modem built in, and obviously my server doesn't have a WAN modem, but I do have an old OpenReach modem which is a rebadged Huawei WAN modem, so I might be able to use that assuming Vodafone will share the authentication credentials with me, but I've not got to that part in the videos yet!  ;-)

Link to comment
1 hour ago, darkcyde said:

I'm not sure I have the hardware as my current ISP supplied router (Vodafone) has the WAN modem built in, and obviously my server doesn't have a WAN modem, but I do have an old OpenReach modem which is a rebadged Huawei WAN modem, so I might be able to use that assuming Vodafone will share the authentication

Normally you would configure the ISP modem to pass through your public IP with no firewalls either incoming or outgoing, and plug that ethernet into whichever pfSense interface you wanted to designate as WAN. If your ISP modem isn't configurable, it becomes a little more difficult, and you likely will be unable to access some services from outside. However, LAN access should still be quite doable. Forwarding services to the outside is not something you discussed in your post anyway.

Link to comment

I'm not too bothered about external access just yet, as I'm at home 90% of the time, and rarely need to access LAN stuff externally that desperately, although it would be a nice to have.

 

I've dug out the OpenReach WAN modem, plugged in power and the DSL cable, and the DSL light flashed for a bit and then came on solid, so I assume it's done its handshake and is happy, but I won't know until I configure pfSense and connect up the NIC port to the WAN modem.

Link to comment
21 minutes ago, Frank1940 said:

Be sure to Google "unraid pfsense" and "raspberry pi pfsense" for another option.  It seems to me that there was a problem at one time with running pfSense on an Unraid server that had to do with the OS needing WAN access before the router software was set up but I believe that was fixed...

I think this was due to the Registration Key, but now it's been fixed so that once the key is installed (not Trial) the Server will then operate 'offline', so doesn't need WAN access at boot.  If you are running a Trial key, then you need internet access at boot I believe.

 

I've hit a roadblock with the NIC setup...I cannot separate my Dual NIC on one controller without causing problems, so I've ordered a separate PCIe Intel Quad NIC to install....I've got two spare PCIe slots anyway so not a problem and used ones are dirt cheap....doing it this way will allow me to have dual NICs to my LAN for a bit more overhead once we go 4K around the house.

 

Will be a couple of days until the new NIC arrives, so I will update the thread then.

 

Thanks for everyone's input....much appreciated!

Link to comment
37 minutes ago, darkcyde said:

I've dug out the OpenReach WAN modem, plugged in power and the DSL cable, and the DSL light flashed for a bit and then came on solid, so I assume it's done its handshake and is happy, but I won't know until I configure pfSense and connect up the NIC port to the WAN modem.

The solid light probably indicates that the DSL modem has synced with the DSLAM in the telephone exchange or in the street cabinet, but different Internet service providers have different login details so I wouldn't expect a BT modem to work with Vodafone unless you at least reconfigure it with the latter's credentials.

Link to comment
On 11/19/2018 at 4:07 PM, John_M said:

The solid light probably indicates that the DSL modem has synced with the DSLAM in the telephone exchange or in the street cabinet, but different Internet service providers have different login details so I wouldn't expect a BT modem to work with Vodafone unless you at least reconfigure it with the latter's credentials.

Yeah, you were right....it was connecting, and getting assigned a WAN IP address, but wouldn't allow any traffic.  So I got the username and password from Vodafone and have got it connected and allowing the wonderful internet in!

 

So, all that's on hold now until the NIC arrives, and then I've got some cabling to do to get from the modem, up to the server room, and then back out to my LAN.

Link to comment

Unfortunately not...the modem is located near the front door at the master socket, and the server closet is on the first floor....either way I'd need to run a cable from the master socket and I'd rather do that in Cat5 to minimise speed loss than run a modem cable all that way.

 

All the wiring is now in place, and I've configured pfSense and it's been running fine for the past week, which is good.

 

However, the HG612 modem is still handling the PPPoE connection, with the modem on 192.168.2.1 and the pfSense VMS on 192.168.2.100.  Is it possible for the pfSense VMS to handle the PPPoE login?  I have two interfaces on the VMS, one is the WAN CAT6e which goes straight to LAN1 on the HG612, and then LAN CAT6e which feeds the connection into my network on a 192.168.1.* address base.

 

In the Interfaces page in pfSense, I can change the WAN connection type to PPPoE....is it as simple as changing it to that, and putting in the Voda username and password, and then it'll handle the WAN login instead of the HG612, or does the HG612 have to handle the login??

Link to comment
