I have been wanting equipment in my home to provide the following:
- Track all web sites that have been visited and provide reports for each computer in the house (reports should be available via email or a web page)
- Allow me to block or allow sites by category
- Allow me to block or allow sites by name
- Allow me to specify the specific times and days of the week that a device is allowed online or blocked (e.g. Mom’s computer can be online 24x7 but the kids’ computer and ipods are blocked at bedtime)
- Works for both wired and wireless computers
- Works for all computers on my network
- Is very difficult for the kids to bypass … even the technically savvy wiz kid in the house.
I’ve found a solution that meets all of these requirements. I had expected to pay for this level of service, but it is possible to implement this at no cost using an open source software appliance named untangle (www.untangle.com).
Best of all, untangle gives a number of advanced features in addition to what I want. It’s available for sale for schools, businesses, and other uses. If you find it helpful for you, please recommend it where you can so Untangle.com can continue to provide the free version of the software.
- 1 old computer (see details at http://wiki.untangle.com/index.php/Hardware_Requirements). Basically, you want something that was purchased after about 2004. It could be an older computer that you don’t use much any more. You want it to have reliable hardware, but it doesn’t matter if Windows has been running very slowly for a while.
- Another option is to purchase hardware from untangle. It’s more expensive, but pre-configured and comes with phone support to help you get going. (http://store.untangle.com/index.php/untangle-xs-appliance.html)
- Untangle Lite package (download from http://www.untangle.com/Lite-Package and burn it to a CD for installation
- 1 additional network card for the computer
- Optional: another additional network card if you want separation of your wired network and wireless network
Basic Setup - http://www.untangle.com/pdf/Download_QuickStart.pdf:
- Install the 2nd network card in the computer
- Download untangle and create CD
- Install Untangle on the old PC (I recommend the instructions for “router” at http://www.untangle.com/Deployment-Options)
- set up the internet connection on external interface
- set up the internal interface
- enable dhcp
- name all the PCs in your network and give them an address
- dns (use open dns)
Configure additional features: http://wiki.untangle.com/index.php/Initial_Setup#Common_Configuration_Questions
- set up web filter
- set up the captive portal
- set up reporting
(I haven't listed a lot of detail on how to set this up ... the untangle site has a lot of good information about that. If there is a lot of interest, I can expand this post).
The trick to getting a free "time based" filter is the captive portal (http://wiki.untangle.com/index.php/Captive_Portal). (Captive portal is what you see at many wifi hotspots - when you connect, you have to accept an agreement or give a credit card number).
What I've done is to require the captive portal for specific computers in the house. For example, the captive portal isn't required during the times after school when kids need internet to do homework. But, at 8:00 (bedtime), the captive portal takes over and requests a user name and password to allow internet access (only on the kid computer and ipod). I have an account set up for each of the kids, but they don't have the password. If they have a reason to be online, I'll tell them what the password is and they can quickly get online. Then, I'll change the password the next day or whenever I have time.
There is a better option - purchase the untangle policy module. But for my needs, the free captive portal option works - all I have to do is manage the passwords. I've found it to be a good way to help monitor the kids internet usage when they ask me for the password.
This system has great reports (http://wiki.untangle.com/index.php/Reports)
It tells me every site visited by each computer so I can see exactly what any given computer has connected to.
It's also possible to do detailed blocking such as allowing web site access while blocking instant messaging ... this sort of thing requires some technical configuration, but it's possible to do.