blocking a device / parental settings.

[takitezsdc]

ok guys i need some help please.? I have 2 teenagers 13 and 14 and i have been doing my best to block all the porn or bad stuff out there ( I know one day they gonna see it but not under my roof! ) and i cant seem to figure this out.

Every time i block thier device, ( laptop or iphone) they either change their IP address and they can access the internet easily. I have to parental settings to Global Filter Mode " router" and I have DYNDNS or i use one of the pre selected channels that is built in . HOW the heck are they doing this? and how can i block them for just picking a new ip address? Why cant we set the parental controls to MAC address so they cant do this vs ip?

Secondly, i recent found VPN on tier iphones and laptop, to shey are just bipassing all my security. SO how the heck can i set this up so NO one can use VPNs on my home network and prevent them from changing their ip address and bypassing my parental settings? I would think that that is a common feature that would be in all routers.

 

[nobody13]

How more you will block them and watch them what they are doing online they will find out bypass your security. Talk with them about. Or one day you can find some videos on youtube from your bedroom." Papers" porn you can't block anyway. Kids from "digital ages" are smarter then as from "analog ages". When we are parents we forgot that we had been teenagers too.

 

[wocram]

Seems like your teenagers are pretty much ahead and well informed about ways to circumvent your measures.

When they know how to change ip addresses manually and about VPN, they are not far off finding out that MAC addresses of devices can be spoofed pretty easy as well, so filtering on MAC addresses will (most likely) not help your defence..

 

[jbodine74]

Give Open DNS a try. Its free. If you are using Merin's firmware, in the WAN settings, change your DNS to Open DNS then go to AiProtection, DNS Filtering. In here you have a choice of 4 filters. I use OpenDNS Family and add my kids to the client list. On Open DNS website you can set even more filters if you want. Its super easy to setup. They even have a program that will keep your IP address updated.

 

[takitezsdc]

but guys...that doesn't answer my question. There has to be a way to block their devices if i want to block them for a certain period of time or whenever? Why dosent parental features work if they change the ip....its uses MAC address. and why is there a setting for " force router " under DNS settins then? It says ""Router" will force clients to use the DNS provided by the router's DHCP server" but obviously it doesn't work. I would think there is a way to prevent them from changing there IP to circumvent them from getting around security. I mean that means any device even know i block them by IP can get in by simply changing an IP? Seems odd.............

AND I appreciate your input on my kids ....but trust me, I am a single father and am doing the best I can. Its not easy, my wife died of cancer and the kids have taken it very hard as well.

I just need to know how to prevent a device from accessing my network if i have a IP blocked or if i can block an Mac? What i don't understand is cant you set up your home network so that ONLY device that i have allowed by DHCP client be allowed on network? I mean it seems a bit crazy, lets say i have a party and have 3-4 people ask me for wireless connection and I enter my pw ( which they wont have. if i do it ) but now they are on my network. HOW would i get them off if their device stored my PW, they could simply change there IP and have access to my network at any time until I change my wireless password? come on that cant be right..........

I also want to know how to block VPN connections ? cant I block some ports that are needed for VPN? or something?

I have OPEN DNS and they simply circumvent it by using VPNs.....so that dont work. Help please?

 

[takitezsdc]

Give Open DNS a try. Its free. If you are using Merin's firmware, in the WAN settings, change your DNS to Open DNS then go to AiProtection, DNS Filtering. In here you have a choice of 4 filters. I use OpenDNS Family and add my kids to the client list. On Open DNS website you can set even more filters if you want. Its super easy to setup. They even have a program that will keep your IP address updated.

But they go around that and use a VPN on there phones. lol.yea they are smart.........how can i block VPNs ?

 

[jbodine74]

To block VPN, you could go to the WAN tab, NAT Passthrough and disable all of the options. I'm not sure what else this will effect though and I do not know what they all do. Also, under LAN, Switch Control, NAT Acceleration can sometimes cause Parental Controls not to work properly. You could disable that and then check the parental controls. In the attached photo I see there is a option for MAC and IP address Binding and Block Internet Access. I'm sure there are a lot of ways to do this I just do not know all of them. I have a 7 and 10 year old that i have contained pretty well but soon they will be doing the same stuff. I will do some more research and see what I can come up with. Check out the Circle by Disney. Not sure if this will help: https://meetcircle.com/circle/

 

[takitezsdc]

To block VPN, you could go to the WAN tab, NAT Passthrough and disable all of the options. I'm not sure what else this will effect though and I do not know what they all do. Also, under LAN, Switch Control, NAT Acceleration can sometimes cause Parental Controls not to work properly. You could disable that and then check the parental controls. In the attached photo I see there is a option for MAC and IP address Binding and Block Internet Access. I'm sure there are a lot of ways to do this I just do not know all of them. I have a 7 and 10 year old that i have contained pretty well but soon they will be doing the same stuff. I will do some more research and see what I can come up with. Check out the Circle by Disney. Not sure if this will help: https://meetcircle.com/circle/

thanks .......i have nat accl off so that has not helped. but any help would be appreciated.

 

[wocram]

Did you try the by jbodine74j suggested settings on the "WAN > NAT Passthrough" page!?
PPTP Passthrough > Disable
L2TP Passthrough > Disable
IPSec Passthrough > Disable

Or try to manually block the following ports to prevent VPN usage:
PPTP VPN: TCP 1723
L2TP VPN: UDP 500, UDP 1701, UDP 4500

 

[takitezsdc]

ok i tried the suggestion by jbodine74 and yours.....its this right?

I didn't want to put an ip cause they can just switch the ip.....i hope that is right?

 

[wocram]

ok i tried the suggestion by jbodine74 and yours.....its this right? View attachment 7619


I didn't want to put an ip cause they can just switch the ip.....i hope that is right?

Yes that seems (almost) correct..

.. I just tried it here on my router and it doesn't seem to work without specifying an IP address(es).

You can cover your whole network IP address range like this; "192.168.1.1/24".
The IP address should be the address of your home network, the "/24" rule will cover All 254 available ip addresses of your network (assuming it is a "Class C" with network-mask 255.255.255.0).
The router will only allow them to choose from one of these 254 IP addresses (through DHCP or manual).

You could add TCP port 1194 which is used standard by OpenVPN.

Best is to test if it works by trying a VPN service from one of your own devices.

 

[ChatmanR]

Why not give them static IPs based on mac address? Click on the clients ROUND BUTTON on the main page. Find the device. Then setup MAC and IP address Binding. Then go to Parental Controls>DNS Filtering. Add them to your list and choose the most restrictive DNS setting on your list? I use ADGuard DNS for that and also cut off the internet at a specific time based on age or punishment/reward.

 

[wocram]

Why not give them static IPs based on mac address? Click on the clients ROUND BUTTON on the main page. Find the device. Then setup MAC and IP address Binding. Then go to Parental Controls>DNS Filtering. Add them to your list and choose the most restrictive DNS setting on your list? I use ADGuard DNS for that and also cut off the internet at a specific time based on age or punishment/reward.

Even when IP is binding to MAC on the DHCP Server page, it is still possible to request a different IP address manually (just tried it on my Android phone). Beside that, it is easy to spoof (fake) a different MAC address as well.

 

[takitezsdc]

Guys is it me or is this just strange that there is not something that allows us to block what people can access on your network ? I mean i always just thought it was easy to do......blocking an ip or mac or setting up the router so anyone asking for a new IP address that they would have to get admin approval? I see a commercial on TV every day about how kids are able to access the most horrible things.......and there is nothing we can do? It seems so simple but its far from that I am finding out.

 

[wocram]

Guys is it me or is this just strange that there is not something that allows us to block what people can access on your network ? I mean i always just thought it was easy to do......blocking an ip or mac or setting up the router so anyone asking for a new IP address that they would have to get admin approval? I see a commercial on TV every day about how kids are able to access the most horrible things.......and there is nothing we can do? It seems so simple but its far from that I am finding out.

General users that have no intention (nor knowledge) to go around implemented network rules are possible to block.

Better informed people (like your kids) who put their goal to go around these measures are (more) difficult to block.

China is trying for many many years to "shield their citizens from harmful content" and they can still not achieve this

 

[takitezsdc]

then how does N Korea do it?

 

[wocram]

They just block all internet for most people, only Local Network allowed for the normal populous..
https://en.wikipedia.org/wiki/Internet_in_North_Korea

 

[takitezsdc]

Yes that seems (almost) correct..

.. I just tried it here on my router and it doesn't seem to work without specifying an IP address(es).

You can cover your whole network IP address range like this; "192.168.1.1/24".
The IP address should be the address of your home network, the "/24" rule will cover All 254 available ip addresses of your network (assuming it is a "Class C" with network-mask 255.255.255.0).
The router will only allow them to choose from one of these 254 IP addresses (through DHCP or manual).

You could add TCP port 1194 which is used standard by OpenVPN.

Best is to test if it works by trying a VPN service from one of your own devices.

Is there a way to set my IP with no filters? I tried that in parental DNS settings to " no filter " for my IP and it still blocks me from my facebook. So lets say I have ban facebook for 30 days..... for my sons. I do that by adding it to my DYNDNS internet guide.....it blocks it on my all the IPs form facebook on router. Which is my intent due to them keep changing there IP address.......but then i cant access it either. Is there a way to say give a " IP " total access while blocking others?

 

[takitezsdc]

They just block all internet for most people, only Local Network allowed for the normal populous..
https://en.wikipedia.org/wiki/Internet_in_North_Korea

i wonder if they have there own FACEBook? lol

 

[wocram]

i wonder if they have there own FACEBook? lol

Maybe they have "KIMbook", hehehe