We have:
1*Desktop (XP) 1*Desktop (7) 1*MBP 3*Laptops (7) Xbox 360 Airport Extreme Router Printer (Wireless) At the moment the router software is on the MBP. The network is only used for sharing internet connection and printer. I’m after a solution that allows me to have the wireless network constantly available but have control over which computers have access and when. All our kids have computers and they are using them way too much and I’ve come to the conclusion that electronic control is the go, rather than getting all ninja on their arse etc. My only option at the moment is disconnecting the router which is a pain…. As then every device loses out. I don’t really need filtering or anything, simply an on/off button to gain or deny access to specific computers. If it has some calendar set-up would be handy (ie: computer A has access between 6-8pm daily, computer B 24hr access, etc). So can any one point me in the right direction? I’ve had a google but any user recommendations preferred, especially if the user has slayed dragons before. It would also be good if the software is free – but prepared to buy if necessary. Preferable to have the software on the MBP but can settle for the desktop with XP…. Cheers |
with the wireless you could just enable mac address filtering, as for automating it all i think you would need to get ddwrt on your router or have a linux box set up to be your gateway. then you could just filter whatever you wanted whenever you wanted based on a schedule. |
Never used that router, doesn't sound like it would be particularly flexible with this sort of thing.
Perhaps you could have the affected computers connect through a secondary access point or something like that, and only disconnect that one. |
I meant to say, if a new router gives better options than I'll definitely consider a new one.
I was hoping to keep it as simple as possible... just some software that I can check a box (or something like that) to allow a particular computer access or not... Am I dreaming it would be that simple? |
yeah i suggest mac address control too
|
If you wanted to go all out and have some spare parts lying around, chuck in pfSense or Smoothwall and setup some filtering that way.
|
Where did that XBox 360 link come in my OP... wierd.
Oooh and again. |
I take it that you're using a 'Airport Extreme' based on the 'router software' on the MBP?
I think the most elegant way to approach this problem is to use the 'point of access' to the web to manage this for you. Unless natively supported by your router, this is likely to cause you some headaches. I can tell you that I've just upgraded from my housemates netgear pos (which was dropping out all the time) to a Fritz Box. Not that it's massively likely to help you, but the Fritz box has all the features you just asked for (literally... you can schedule what items on your network have access to the net and when, and if you are happy to you can even apply 'power saving' features to turn your wi-fi off during hours when you wouldn't normally need (read: when you don't want anyone to have) access to the net.) Shy of running some sort of proxy or firewall/gateway (which would need a computer on 24/7 to act as the host for said facilities; call in the linux fanboi's). So unless your router supports these kinda features, you're either s*** out of luck, or managing it as best you can right now (physically disconnecting the device) at the 'point of access'. (you could run 'client' based stuff, but all that running 'net nanny' is going to do is increase the number of times your kids hit up google for 'how do I circumvent net nanny to ...') Also, this reads a little awkwardly... I don’t really need filtering or anything, simply an on/off button to gain or deny access to specific computers so in other words, "I don't need filtering, I simply want an on/off button to filter..." Happy to be corrected, but as I see it, if you want loads of 'per device' management options, you'll need to either look at replacing your current router (if it doesn't support this type of 'scheduling') or look at running some additional hardware to 'filter' connections (by device) for you. |
Surely there are routers that allow you to set time based ACL filtering. A quick google came up with something like this:
TL-R470T Access Control Parental Control, Local Management Control, Host List, Access Schedule, Rule Management PS I don't know anything about the particular device above it was just used as an example of the existence of something like what you might be looking for. Also I know it isn't a modem etc but this feature must be available in something easier than running another machine with Smoothwall etc. last edited by Clubby at 14:38:42 20/Apr/12 |
I think what mission is after is an easy way of turning his kids 'net off, amirite?
if they're not terribly computer savvy, all I would do is turn off something like DHCP at night time and reboot the router leave your own computers with statically assigned IPs and set your kids up with DHCP, as soon as you turn DHCP off they will lose internets and you guys can keep surfing that would have be one of the least complex ways of doing it - ie no pfsense/smoothwall box to configure |
That is a clever way to rework it Teq, but it wouldn't take me long to work my way around that (admittedly I'm not the target audience).
The bigger problem with that as I see it is that it isn't a 'set and forget' solution. It does solve the 'As then every device loses out.' problem, but I'm sure going through this rigmarole would get old... fast. |
so in other words, "I don't need filtering, I simply want an on/off button to filter..." Sorry, I meant filtering as in filtering websites etc like pronz and bombz teq, yes. I really don't want additional hardware (unless replacing the router is the best option), and I'd really prefer not to have to reboot stuff. I'd just like an interface where I can grant or deny access to the wireless network and therefore to the internet. Maybe a fancy new router that has these options is the go... I'll investigate. |
I agree, but its a cheap way to implement it instantly and involves no extra hardware or software
if he was prepared to turn an old machine into a firewall those options have already been presented (smoothwall/etc) You could very easily setup a job to run every night & every morning, turning off/on the 'net to individual PCs based on the time http://www.pcmag.com/article2/0,2817,2374267,00.asp there is probably newer stuff out since then, but obviously a market exists for this kind of thing |
my wrt54g running tomato firmware has timed access capabilities but is only 54mb/s so probably too slow by todays standards.
http://i296.photobucket.com/albums/mm190/pointyfork/QGL/Screenshot2012-04-20at152013.png |
The Fritzbox ADSL router allows you to allow and deny any device on the network, set up time based scheduling as well as a tonne of other things.
This is a screenshot of the child protection filters which allows you to do the time based net as well as a bunch of other things. http://users.victor.edu.au/~gumby/fritzbox.png http://www.pccasegear.com/index.php?main_page=product_info&cPath=200_1296&products_id=17382 Easily the most feature packed modem/router I've ever owned. |
+1 for fritzbox. Mine is unreal with the amount of features it has for the price.
Another easy option might be mutliple wifi broadcasts? Set up a wifi broadcast for each device or a group and turn it off as you want them on/off the network. I am not sure if your device will have this capability |
+1 for fritzbox
its expensive but i love it especially if you are using VoIP phones best VoIP i have ever used!!! the other good thing about fritzbox is you can have wifi for guest (which means they have access to the internet for certain amount of time) but cant access your network :) the fritzbox is also future proof for FTTH as you can use one of the GBit LAN ports as a WAN. |
http://forums.techguy.org/networking/515362-setting-up-deactivating-router-schedule.html
Looks like you may need a new router... |
Interesting thread.
I need to do the same at our football club. We have free Wireless-N Wifi but I want to schedule it so it's only available during the times the club is open so someone doesn't come down in the night and leech the f*** out of it (probably low risk considering the location of the club, but if it's easily preventable then I will take that route). |
I meant to say, if a new router gives better options than I'll definitely consider a new one. Nope. Don't rush out and buy a new router. This should be an easy setup. You can even set up accounts with time constraints for the best in parental controls. Taken from Designing AirPort Extreme 802.11n Networks - http://manuals.info.apple.com/en/designing_airport_networks_10.5-windows.pdf Page 52 on this document will show you where to add Timed Access. You'll need Mac filtering enabled first. It's all there. Nothing too hard. |
even s***** netgears have access control...
just go buy a billion router and be done with it. all models will do what you want. Im even suprised ur current one doesnt, have you checked the interface? |
He doesn't need a billion. His airport extreme will do it as mentioned above. Also Airport Extremes one of the best routers around. Even if you have nothing to do with other Apple products.
Taken from Anantechs review: http://www.anandtech.com/show/4577/airport-extreme-5th-gen-and-time-capsule-4th-gen-review-faster-wifi-/9 I guess the reason that I personally use an Airport Extreme (in conjunction with another device for NAT) is that it's really one of a small number of 802.11n dual-band APs I've tried that actually works without locking up, becoming unstable periodically, dropping the session from overheating when being pushed to 100% for hours, or requiring a daily reboot. There are just so many other consumer level 802.11n APs that either fall short or are incredibly frustrating and unreliable. Thus far, I've been using an Airport Extreme Gen 5 and Time Capsule Gen 4 as my primary AP with over 12 devices attached to each one for the greater part of a month without a single instability. It's that kind of stability that really sells it for me, even with 3x3:3 out of the picture. |
or you could be a man and get a cisco 877 that does everything. for the price you pay for the gimped router and the modem to hang off it... it makes sense.
|
I have the following at home
1 x WIN7Pro HTPC 1 x WIN7Pro Netbook 1 x Fedora XMBC HTPC 2 x macbooks 1 x HP N36L - Solaris Express 11 + napp-it 1 x HP DL380G7 - Centos / 3CX WIN7 Pro VM / R2 ENT VM / ClearOS Enterprise 5.2 VM - hypervisor is XENserver 1 x 1810-24G 1 x ip470 1 x yealink T38G 1 x Ubnt Bullet2 I forget the output but its not exactly acma approved 1 x WINXP Desktop - not mine 1 x Eaton 5110 1000va 1 x Eaton 5GOX 1500VA 1 x cisco 877 1 x Brother Network MFC 2VLAN's Management is done all from the my own macbook via openxencenter & ssh, clearos handles the nasty incoming s***, R2 is for AD, 3cx is my least fav phone system but I test it for work. Centos is for testing. I have been testing the new version of clearos pro which is f*****g awesome and now with AD support Web usage reporting is done by mysar Dansgaurdian / squid handle the webs*** I run a captive radius portal for WIFI handled by clearos for weblogin Next is selling my micro server and the drives downgrading from 5x5k300 2tb to as many 500gb mdl sas as I can get my hands on and a DL380G7 with a spare sas cage, I have an expander which will be fine for the job to service the second cage. Going to throw SE11 and use comstar to feed the VM box. Also on the cards after the tax year is two copper intel x520 nics so I can move into 10gbe country. Minster for finance and war has approved my cisco lab so as of next Monday its 3 x Cisco 1841's 2 x ADSL HWICs 2x Serial HWIC's maybe a Etho HWIC 2 x 2950's and borrowing some 2900's Whole box and dice runs like lighting and is very solid, once I get this lab s*** done and dusted I might actually get around to a how to clearos thread for trog that I promised years ago |
hey herbal, do you by chance know of lizzard(spell?) tecnhology?
|
What's your electricity bill herbal?
|
or you could be a man and get a cisco 877 that does everything. for the price you pay for the gimped router and the modem to hang off it... it makes sense.For what specific reason?? I own one plenty of others do too. Any reason to recommend it other something cheap like a draytek if you are not using the features not much point honesty? I sold my second 877w a while ago, the wifi is s*** and a vanilla 877 is fine for what I am using. Backup is a 7xxx something billion I am after the 1841's since I am not committing to 1941's due to price and honesty there is better and cheaper s*** in the market then Cisco, but its for study so its justified the I will be flicking them cheap Also you could man up and buy juniper! |
For what specific reason?? for the price you pay for the gimped router and the modem to hang off it... it makes sense Any reason to recommend it other something cheap like a draytek if you are not using the features not much point honesty? even s***** netgears have access control... just go buy a billion router and be done with it. all models will do what you want. Im even suprised ur current one doesnt, have you checked the interface? |
so basically mish you've bought an apple product that is criticised for its lack of functionality and now you're not able to do what you want because of its lack of functionality. please do not buy apple products again.
|
As Jayman has said twice, the Airport Extreme serves this functionality.
Jayman I read really positive things about the 'Airport Extremes' when they launched, and yea, Wireless N was a good selling point for them (that is, dual band N that actually works). I had one for a little while but opted to return it as I thought $200 was overkill at the time (and as I didn't own any mac's at the time, I really didn't like the 'application' needed for configuration. That and the gui for making changes to the router config really isn't well layed out at all plus you'd still need to shell out for a Modem(not a big deal, but at $200 for the router, the extra $40-60 for a modem sorta feels like 'salt in the wound'.)) In all seriousness, as I said at the start (and had a good roll going in the middle there for a little while) if you ARE in the market for a new Router, and want something feature heavy, Fritzbox 7390 FTW. looking at the interface for it in pictures, it looks kinda gumby/awkward, but it seriously took me 10 mins to hook it up, log in to the web, and set all the IP address reservations and port rules I wanted. The interface for it is BY FAR the best I've used on a domestic network appliance. |
I'm still at a loss to figure out how his network even works. He said the router software is on the MBP, does that mean he leaves his macbook on 24/7? I can't imagine that would be an ideal solution as opposed to a single router sitting in a cupboard somewhere. Also what "router software"? Does he have the MBP plugged into the ethernet and that shares the internet to the house? or just his kids? IDKWTF
|
Thanks for the replies, bit seedy today so haven't tried anything out yet!
Whoop: the software that controls the router is on the MBP, but it doesn't need to be left on.... if I want to change settings of the router, such as password, I use the MBP. I start the 'Airport Extreme' application and all the settings are there. The modem is plugged into the router. One desktop and the XBox 360 are wired to the router, other computers and printer are wireless. Hardware: the router is awesome, I'd buy one again, super reliable (I've never touched a setting since I first turned it on when I bought it) and handles the home network with ease. Although, if it can't do these functions that I'd like, well that is a negative of it. My previous non-apple router before this one didn't do what I want either.... I'll look into all the options tomorrow, cheers. |
The Airport range of network products doesn't have a web based admin page.
The 'Software' on the MBP is the configuration utility (which is available for PC also, it's just 'native' on Mac) for the Router. So it'll be (Cloud)-->(his Modem)-->(his Airport Extreme Router (which is simply that. A router))-->(rest of his devices). |
So grasshoppa, all becomes clear.
Do the kids have their own set PC's and they aren't allowed to touch the others in the house? If they're using their own PC's and no one elsees, why not create a task in task scheduler that runs at a specified time that just runs the command "ipconfig /release" which will just release their IP address? Of course then I suppose it'll also disable their access to the entire netowork but it's an option. well really you'd need a couple of tasks, one that runs at logon and again at 8pm that disables the network, and one that runs at 6pm that enables the network. Just how tech savvy are these kids? |
hey you will probably need
1 x WIN7Pro HTPC 1 x WIN7Pro Netbook 1 x Fedora XMBC HTPC 2 x macbooks 1 x HP N36L - Solaris Express 11 + napp-it 1 x HP DL380G7 - Centos / 3CX WIN7 Pro VM / R2 ENT VM / ClearOS Enterprise 5.2 VM - hypervisor is XENserver 1 x 1810-24G 1 x ip470 1 x yealink T38G 1 x Ubnt Bullet2 I forget the output but its not exactly acma approved 1 x WINXP Desktop - not mine 1 x Eaton 5110 1000va 1 x Eaton 5GOX 1500VA 1 x cisco 877 1 x Brother Network MFC gl cuzzy bro! |
hey mission have you seen this http://arfore.com/2009/04/03/configure-airport-extreme-mac-filter-acl/ It does mention time based ACL based on mac address
If you kids start looking in arp traffic and learn about mac spoofing your f***ed, you might have to step up to user based authentication method but do0b can help you out there last edited by HerbalLizard at 23:10:22 21/Apr/12 |
^^ I think if I set "easy" methods to control PC usage and the kids got around those, I'd just take their PC's away from them until they can learn not to f*** with me. Until that time they can use the PC in the lounge, with me sitting behind them the whole time.
None of this passive aggressive bulls*** of oh they're using too much, I'll cut their net, oh they spoofed my mac address I'll just ban them by user name. More like oh they're using too much PC, set a shutdown script that runs at 9pm with a 10 minute warning to save all homework. If they get around it and I find them up at midnight off goes the power switch outside in the fusebox. I am the computer nazi. |
I am the computer nazi My dad found the easiest way to manage it was to take the keyboard with him to work (back when $100+ only bought you a 112 key keyboard and pocket money was >=$5pw) |
Herbal has it methinks.
That's certainly barking up the right tree without needing to outlay $$$ for new hardware etc etc. |
I'd give my left nut for a cisco router right now. HerbalLizard (or anyone else who knows) is there a model which has an adsl2+ and fe/gi wan port as well as a bunch of fe/gi lan ports? I want something that'll do adsl2+ now but be usable when FTTH rolls on.
|
Hi red I am far from a cisco expert, I can build a config make some adjustments copy and paste that's about the level of my understanding. Its for this reason I am starting to do some cisco study from ccna >> ccnp out of my own pocket
If you wanted to get a decent preforming router without the butt hurt I would opt for juniper. There is a reason why everyone is striping Cisco out of their data centers. I have seen huge Cisco shops entirely replaced and its gaining speed. If you are looking at cisco then go buy a second hand modular unit and then next thing is whats your budget. Then you can simply buy the eHWIC's / HWIC's at your leisure The 1941w would do the job ADSL HWIC's http://www.cisco.com/en/US/prod/collateral/routers/ps5855/product_data_sheet0900aecd80394b7e_ps5853_Products_Data_Sheet.html GBe HWIC WAN EHWIC-1GE-SFP-CU http://www.cisco.com/en/US/docs/routers/access/interfaces/software/feature/guide/EHWIC_1_GE_SFP_CU_FM.html You could even grab a 3G HWIC as well and run both or all three DSL / NBN / 3G But its all not cheap at all, personally if it was me and you didn't want to spend 1.5K + on a home router (if you have intentions of doing some form of cisco study path then go for it) if not then do the following 1) Buy an HP micro server + some ram 2) Buy the management card for it - I like remote management of servers (and its cheap) 3) Buy a dual gbe nic HP nc360T intel 1000pt etc 4) Buy some decent non green crap hdd's 5) Buy a nice little POE gigabit switch which supports jumbo frames and maybe tree span / vlan's / lacp 6) Buy some cheap little POE ap's 7) Use a DSL modem in PPPoE bridge mode to the internal integrated nic 8) IP phones 9) Download something like clearos / pfsense etc etc The above builds a server which could run Very hard firewall Radius Portal Content filter IDS / IPS / HIDS VPN Storage server / nzb - torrent server / gateway server / security DVR server / DLNA server etc etc Pabx And some of you will read the above and go gfto, sure I understand and I do...but if you are going to run NBN are you going to use copper pairs for your phone? So providing for a voip phone system is ideal. You get a nas and you are getting allot of control over what comes in and what goes out of your network. You could try to get an all in one device which will offer gbe wan / wireless / gbe lan saving some dollars but you don't get as much broad functionality. A draytek Vigor2850Vn will do it |
Haha well didn't this thread get out of hand
I love how you completely overdo everything jase hahaha |
Herbal, Red.
I'm looking to do some 'overbuilding' myself, are there any relatively straight forward tutorials for setting up windows domains? (or is someone likely to reply, "Yea, they're called the 'Win 2008 R2 installation wizards'?) |
Where did that XBox 360 link come in my OP... wierd. Google "Disable Viglink" and say goodbye to it. |