Question Wired router with good/easy to set up filter -recommendations?

Sesame

Junior Member
Jan 23, 2013
13
0
66
Can someone recommend me a good router (cabled) which has the ability to set up various Internet filters relatively easily?
I'd like to for instance block certain sites for a specific computer and I assume I can use that computer's IP or MAC address to differentiate between it and other computers attached to the same home network.

We already have a Cisco RVS-4000 router which has worked reliably for years, but its filtering option is a joke and it apparently has several security flaws which won't be addressed as it's no longer supported. A Zyxel GS-1100 switch (16 ports) is attached to the router for attaching to multiple computers etc.
 

Sesame

So OpenDNS is an online filtering system which, once configured, makes all Internet traffic go through some alternative servers instead of just the ones your service provider has?

Given that this service is free (at least their "OpenDNS Home" option which appears to do what I want: allow me to choose specific websites which should be blocked), will that mean slower network access, and how about data gathering/privacy issues?
Also, would I be able to filter just one specific IP or MAC address in our home, or would such a filter affect everything connected to our existing router + switch setup?

SamirD: we're using the Cisco RVS-4000 in a home environment, not office. We just wanted to buy something quality which didn't fall apart after 2 months, and at the time this appeared to be a good choice. I didn't think about the need for a filtering option, but now that we need one I can see that it's clearly flawed and nobody has been able to help figure it out.
I don't recognize any of the brands you mention -are they more for the business market than home/small business? What is UTM?
 

mxnerd

Diamond Member
Jul 6, 2007
6,799
1,100
126
Will the traffic go through some alternative servers? / Don't think so, it's not a VPN service.
data gathering/privacy issues? / It's a Cisco company.

Also, would I be able to filter just one specific IP or MAC address in our home, or would such a filter affect everything connected to our existing router + switch setup? / For that, you probably need pfsense or the firewalls suggested by @SamirD
 

mv2devnull

Golden Member
Apr 13, 2010
1,495
143
106
DNS resolves hostnames into IP addresses. The thing is that when you query your DNS server, it will reply directly if it has an answer, but if not, then it asks another DNS server before replying to you.
If you set your DNS server to resolve "www.microsoft.com" into 127.0.0.1, then writing "www.microsoft.com" is the same as writing "localhost", which also resolves to 127.0.0.1 -- your own machine. Your server will have an answer for "www.microsoft.com". Not an honest answer, but the one you want.

Does that slow down? Should not.

In principle you can configure a DNS server to reply differently to one specific machine in your subnet. However, then you have to also block access to other DNS servers.

On a configurable firewall you can filter with IP and MAC addresses; apply a rule to a specific case.
On a DHCP server you can dictate who gets an IP address at all.
To have scheduled rules ... sounds fancy.

A clever user sets the IP address manually and masquerades the MAC address too.

On a managed switch one can disable ports.
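
An added example (not part of the post above, and not code from any router or DNS product) of the per-client DNS answer described there: a resolver-side function that returns a 127.0.0.1 answer for a blocked name only when the query comes from one restricted machine, and otherwise signals that the query should be forwarded as usual. The client address, blocked zone and function names are assumptions for illustration. As the post says, this only holds if that machine cannot reach any other DNS server, and the client is identified by an IP address it could change.

```python
import struct

# Assumed values for illustration (not from the thread).
RESTRICTED_CLIENTS = {"192.168.1.50"}   # the one filtered machine
BLOCKED_ZONES = {"youtube.com"}         # names answered with the sinkhole address
SINKHOLE = bytes([127, 0, 0, 1])

def parse_qname(msg, offset=12):
    """Read the question name from a DNS query; return (name, next_offset)."""
    labels = []
    while True:
        length = msg[offset]
        if length == 0:
            return ".".join(labels).lower(), offset + 1
        if length & 0xC0:
            raise ValueError("compression pointer not expected in a question")
        labels.append(msg[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length

def is_blocked(client_ip, name):
    """Blocked only for restricted clients, on the zone or any subdomain."""
    if client_ip not in RESTRICTED_CLIENTS:
        return False
    return any(name == z or name.endswith("." + z) for z in BLOCKED_ZONES)

def answer(client_ip, query):
    """Return a sinkhole response, or None meaning 'forward upstream'."""
    name, end = parse_qname(query)
    qtype, qclass = struct.unpack("!HH", query[end:end + 4])
    if not is_blocked(client_ip, name):
        return None
    question = query[12:end + 4]
    # Only A/IN gets an address; other types (e.g. AAAA) get an empty answer,
    # so the blocked name cannot be reached over a different record type.
    ancount = 1 if (qtype, qclass) == (1, 1) else 0
    # Header: same ID, flags QR=1 RD=1 RA=1 (0x8180), one question.
    header = query[:2] + struct.pack("!HHHHH", 0x8180, 1, ancount, 0, 0)
    if not ancount:
        return header + question
    # Answer RR: pointer to the name at offset 12, type A, class IN, TTL 60.
    rr = struct.pack("!HHHIH", 0xC00C, 1, 1, 60, 4) + SINKHOLE
    return header + question + rr

def build_query(name, qid=0x1234, qtype=1):
    """Construct a minimal query (constructed sample input for this example)."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", qtype, 1)
```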
 

SamirD

Golden Member
Jun 12, 2019
1,489
276
126
www.huntsvillecarscene.com
> SamirD: we're using the Cisco RVS-4000 in a home environment, not office. We just wanted to buy something quality which didn't fall apart after 2 months, and at the time this appeared to be a good choice. I didn't think about the need for a filtering option, but now that we need one I can see that it's clearly flawed and nobody has been able to help figure it out.
> I don't recognize any of the brands you mention -are they more for the business market than home/small business? What is UTM?

Those brands are all enterprise level equipment. UTM is Unified Threat Management--something enterprises use to filter and control everything in and out of their network.
 

Sesame

Thanks for all the explanations.
OpenDNS seems, at least in theory, like a useful solution, but common sense tells me that "free" is never actually free, as confirmed here and here (to mention a few sites of many I came across when searching for "OpenDNS privacy issues"). Needless to say I feel uncomfortable about setting something like this up.

So back to the hardware: can someone recommend me a cabled router which has the ability to set up filters? A Wifi router is OK as well, just as long as Wifi can be turned off and it can also be used for wired networks.
"Enterprise" type routers sound expensive and complicated. This is just for a home, but I still want something reliable and well built, so not the bargain basement stuff ;)
 

SamirD

> "Enterprise" type routers sound expensive and complicated. This is just for a home, but I still want something reliable and well built, so not the bargain basement stuff ;)

They're not if you look in the right places. In fact, probably even cheaper than the RVS you bought.

Generally, to have these types of features and to have them actually work, it needs to be enterprise equipment or pfsense. Nothing in the consumer area does a really good job at this, even when they are expensive, say they do, or both.
 

Sesame

I believe you're right, SamirD, as I've searched for "router parental control" and it all appears to be based on online subscription services. Fancy features but I assume similar to OpenDNS where the online traffic goes through the server of that service.

I'm looking for something much simpler, and built into the router itself. For instance, I want to block "youtube.com" but let all other access through, and to affect only a specific computer on the network. I thought the "Internet Access Policy" (within the "Firewall" section) of my Cisco RVS-4000 would handle this, but apparently not.
Which specific enterprise router would you suggest?
 

SamirD

Yeah, there's a lot of demand for this type of feature in the home, but due to its underlying complexity to fully implement, no one really does it cheap. Personally, I have not seen many of the offerings myself other than our WatchGuard, but generally UTM packages will include it and will be quite robust.
 

mxnerd

DNS is like 411 or 555-12-12 directory service: you only query it with the website name, and it will tell you the IP address of that website so your PC can visit it. Your traffic will not go through it. What OpenDNS does is that it just won't tell your PC the IP address of a website, so the PC can't visit it.

If you don't want to forward DNS queries to well known public DNS servers, you have to run your own DNS resolver.

There are way too many routers on the market and no one can keep up with what features they provide.

For open source firewall/routers, you can consider consumer routers that can be flashed with 3rd party firmware:
1. DD-WRT https://forum.dd-wrt.com/wiki/index.php/Supported_devices
2. FreshTomato https://freshtomato.org/
or x86 PC based pfsense/etc.

There are many tutorials on YouTube.

It becomes complex when you want more features and you want it for free.
 