So recently I was wanting to get my daughters devices routing over the same wifi network as the whole house, as I do have a rather nice Ubiquiti UNIFI Wifi network in my home. I wanted her to connect to this instead of a seperate wifi AP. And so it began.
I make use of a Virtualized Debian server with minimal spec to run my unifi cloud controller. Much easier and cheaper than purchasing a cloud key.
I also have a PFSense Physical Appliance with 4 x Gigabit ports and I decided to use this combined with Open DNS (Cisco Umbrella) to build a secure and safe gateway and DNS solution for my daughter at home. I did not want to break any of my existing network services but wanted her to connect to the home wifi which resides on VLAN2 in my network.
The Next step was to ensure that her devices, a Galaxy Tab 2 10.1 received the same IP address but a different Gateway with different DNS settings to ensure that she hit Umbrella and this firewall.
I also wanted to make sure that she did not have full usage of my 200Mbps / 200Mbps Fibre link as I run several labs and services off of the same link. So I implemented some throttling on the PFSense devices as below to give 4Mbps down and 1 Mbps Up.
This actually works perfectly. I am starting to really enjoy using PFSense. I actually use PFSense as my main Cloud Firewall alongside a Sophos XG Virtual Appliance and must say it really is easy to use. But the XG still makes certain things very easy.
I then updated the DHCP to give her a static IP on my Core Mikrotik. I went a step further to ensure that just her IP address recieved a different on net gateway and DNS Server, being the PFSense.
I then added some rules on my Mikrotik firewall to enure that even if she gave a static IP, she would still route this way.
The next issue I had was google search still allowed images in the results to show full blown porn etc. The next step was to enforce safesearch etc.
This was done by enabling DNS Fwder on the PFSense seeing as all her DNS requests where being sent through the PFSense to Cisco Umbrella.
I then added static entries for google, forcing all searches to be sent to the SafeSearch IP Address.
This sorted out any last reserves I had with giving her access back onto the internet. She is now back online and able to surf safely and securely.
I can also login to Open DNS Umbrella and check what sort of searches she has been up to. This ensures that she also behaves herself.
The last thing, if you have Dynamic IP’s from your ISP, then you will need to have an update client connected to OpenDNS. My PFSense has this built in and I use it even though I have Static IP Addressing.