What's new

Is there an inexpensive solution for school web filtering?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Tyler McDowell

New Around Here
There is a very small rural school, Pre-K to 5th grade, with less than 50 students total, 4 teachers, secretary, and part-time principle. I help them out by doing simple network/computer things as a volunteer. I don't take any money. Most of the time, if it is inexpensive, I pay for parts out of my own pocket. If anyone wonders, I don't have any kids in the school.

They need a new firewall that can block porn. If they cannot find one they can afford, they have to disconnect the internet. If at all possible one without a yearly subscription would be good. Could someone offer some advice?

Here is the topology: The ISP has arranged to mount an antenna on top of the school for Wi-Fi coverage of the surrounding area. From the ISP's equipment, a Cat5e cable goes into the current firewall and from there to a 20 port switch. There is a networked printer/copier, 7 staff computers, and 8 for the students. There is no Vlans. Everything is on one network.

The students use the computers for general research in the upper grades (4-5) and educational videos/games. The teachers use e-mail and online certification courses.

The only requirement is to filter porn and proxy sites that can be used to get to porn.
 
First thing that comes to mind is OpenDNS - which has options here that'll go a ways towards meeting your needs - and that's easy enough for a start... be mindful that 3g/4g/LTE on mobile phones can override DNS by using the wireless carrier DNS.

OpenDNS
208.67.222.123,
208.67.220.123

There are other DNS providers that provide similar services;

Norton ConnectSafe
Primary DNS Server: 198.153.192.60
Secondary DNS Server: 198.153.194.60

MetaCert DNS
Primary DNS Server: 184.169.223.35
Secondary DNS Server: 184.169.223.35

SafeDNS
Primary DNS Server: 195.46.39.39
Secondary DNS Server: 195.46.39.40

SentryDNS
Primary DNS Server: 152.160.81.10
Secondary DNS Server: 70.90.33.94​
 
Make sure you test out any solution before going live. Web filters often fail when it comes to filtering search results, images in particular.
 
OpenDNS would be my first choice (since it's customizable). Beyond that, you might need to go with some form of web filtering. I always liked Trend Micro's solutions in that area. Might be worth considering if OpenDNS isn't sufficient.
 
OpenDNS would be my first choice (since it's customizable). Beyond that, you might need to go with some form of web filtering. I always liked Trend Micro's solutions in that area. Might be worth considering if OpenDNS isn't sufficient.

I talked to OpenDNS and well.... seems they don't handle that. I talked to a nice lady and was told they are a "web security company" and I needed to look elsewhere but would charge $38 per computer....
 
Maybe the eBlocker would be the perfect solution for your needs - the price is still not to high, but the promise is big! And: It's a plug and play solution for any environment!

You can run the software also on your own Banana Pi M2+ which should give some performance boost, but I am still not sure if this is good enough for a whole school - but you can try for free (beside the need for the Banana Pi hardware)...

You can contact them to see if they would scale for your needs!? And maybe you inspire them to do so...
 
Last edited:
I talked to OpenDNS and well.... seems they don't handle that. I talked to a nice lady and was told they are a "web security company" and I needed to look elsewhere but would charge $38 per computer....
I'm confused. You just put the address (e.g., 208.67.222.123) into the school's router (firewall?) and it just works. You can test it (before changing your router) by configuring a PC with that address (overriding it from pulling an address for DNS through DHCP). (If you like the results you can then reconfigure the router or reconfigure all the PCs, whatever you're most comfortable with.) If the PCs are administered and the kids (and staff?) use guest accounts it should do a reasonable job.

I'm guessing you got some corporate speak from Cisco now that Cisco owns OpenDNS?

Since someone issued the decree is it possible they also listed some solutions? If no I'd simply move forward with OpenDNS. If yes and their solution is too expensive then consider it another unfunded mandate and move forward with OpenDNS anyway.

Who set up the existing router/firewall? Can you enlist any help from them?
 
Last edited:
@Klueless I think the issue is that the free OpenDNS offerings (Family Shield and Home) are for personal use only.

If you are a business (or school) then the cheapest service they offer is Cisco Umbrella which is $38 / user / year for 10 to 90 users.
I don't disagree (in fact I tend to agree) but when I looked they don't really spell it out that way. They seem to differentiate by tempting the business user with additional features. Also, when I clicked under free and personal, they bragged about schools using it (which kind of "implies" it's ok to do).

When I set mine up I simply popped the address into my router and suddenly ten users could no longer access porn dot com. It's not like I had to call anyone, do anything or ask for permission. If I was a business I'd definitely pay, if I was a poor rural school I'd just hook up ... what do us volunteers know anyway : -)
 
If I was a business I'd definitely pay, if I was a poor rural school I'd just hook up ... what do us volunteers know anyway : -)
I know what you mean, but sometimes schools can get into a lot of trouble if they're found to be using software/services illegally, even if they're not aware they are doing it.

As far as I can tell Norton ConnectSafe is still free for non-profit use.
 
I know what you mean, but sometimes schools can get into a lot of trouble if they're found to be using software/services illegally, even if they're not aware they are doing it.
Agreed.

(I looked at ConnectSafe, I like their 3-tiered approach. I think I will try it out for home. Thanks.)
 
Last edited:
m confused. You just put the address (e.g., 208.67.222.123) into the school's router (firewall?) and it just works.

He wants to block specific categories, which requires an account - unless the Family servers are already pre-configured to his liking.
 
Have you thought about configuring a pfsense box and using one of the packages for that? Another route would be to try sophos utm, but I'm not sure if that would fit in the licensing of a non-profit.

I know keyword filtering worked with the Cisco rv series, but I also know that https would get around that in a heartbeat.

You may want to take a different approach of blocking ALL traffic except that they need with just some routing rules.
 
Have you thought about configuring a pfsense box and using one of the packages for that?

Just checked the documentation, Dansguardian & Squidguard web filtering is included in PFsense. But as an ex-educator myself, i've learned that students will always find a way to circumvent any technical obstacle between them and content they aren't allowed to see. So apart from from installing any filter, make sure that teachers have a good view of the computerscreens. When the students were working on their PC's i always sat in the back of the classroom, having a good view of their screens. When students use laptops, make sure that they close their laptops when the teacher is giving instruction (typing notes on a PC is less effective than taking notes on paper, experts agree )

In short: Use PfSense and/or Cisco Umbrella, but do NOT think that these solutions are full-proof, so use a low-tech solution to monitor online activities, the eyes of a teacher are usually a very good option for this task.

Good luck!
 
Hmmm...I guess another way to watch all the screens is to make sure vnc is installed on all systems and it always on. Then you can just connect to all the systems and watch them in real-time if need be.
 
Thanks everyone for the input. It is really a big help.

I want to be as legal as possible. I also want it to be as simple as possible because if I end up moving across country for work, I don't want them to be stuck with something that only I know what it is and how to do it. Also, the school gets grants and gifts of various equipment that I don't always find out about and the teachers bring in their own laptops. Setting up something on individual computers is not the best idea.

Something I have found and am seriously considering is this:

Cisco RV320 Dual Gigabit WAN VPN Router with Web Filtering. There are a couple of The price is just with in the range needed and looking at the Cisco online Emulator for it, it seems to have the porn filtering covered. I am looking now to see if there are licensing fees for it. I am honestly not shilling for Cisco, I came across it and seeing if anyone has experience with it.
 
Hi Tyler,
I manage two RV320's (without the web-filtering feature) and i am not very impressed by these boxes. Especially when it comes to the VPN options. EasyVPN is not supported on Windows 10, SSL-VPN is not supported on 64 bit machines, the OpenVPN implementation is, well, @#$#%%#@$())*&*!!!!
So if you would like to use the VPN options in the future, Think again before buying a RV320.

One other thing, the reason the RV-320 is so cheap, might be that its successor, the RV340 is on sale since a few weeks, price on Amazon US$ 296.82. When i check the manual it comes with webfiltering and other (better?) VPN options... But if there is no need for a VPN, the RV320 is a reliable router.

Off-topic, Does your school use Google Suite for Education or Office365 for Education? Both are free for academic use.

Good Luck!
 
Off-topic, Does your school use Google Suite for Education or Office365 for Education? Both are free for academic use.

Good Luck!

The school doesn't have a need for VPN right now, so for the time being this shouldn't be a problem.

No the school does not use either Google or Office365. I will mention both to the school and let them decide if they want them. I have kids ranging from 11 to 3 grade in schools that have chrome books. My personal feeling is that the chromebooks are pushed way too much, way too early. Basic skills like spelling are being sacrificed on the alter of Google and teachers use the chromebooks as a substitute for classroom instruction. I am sure that somewhere teachers are using them to enhance their class, but it is too easy for the mediocre to bad teachers to use them as a crutch or excuse. That's a discussion for another day though.
 

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top