Controlling internet for home with teens

pceinc

Active Member
Reaction score
36
Location
Maryland
I'm curious to know what other IT parents are doing to control internet usage for your teens? This includes mobile devices as well. This is what I'm up against at in my house. I have a 13 year old daughter and a 15 year old son. The girl lives on Minecraft, Youtube, and Skype. The boy lives on Steam, Youtube, and Skype. Neither Skype with Video. Our ISP recently put a 200GB/mo bandwidth cap on our account level. I can get more but it will cost. The wife and I use less than 40GB/mo. The kids are blowing through GB's like it grows on trees. It's finally got to the point where I need to put a router in that will allow me to control the bandwidth per device as well as see reporting on each device on the network. I also need to have time restriction capabilities so they don't stay up all night. Naturally I want to do this on the cheap. My Linksys E3000 with DD-WRT recently died. I lost a PFSense Alix device due to lighting from a storm in the summer. Now I'm using a cheap Asus that does great for time restrictions but nothing else. I'm building an Untangle box today but it looks like I will need to pay for the Bandwidth control features that I want.
What other cheap options are there? I don't mind spending a little for a new router but I don't think I will get what I want with a consumer grade device.
 
We install K9 Web protect for our clients. It is free and works very well I also use it on my own kids laptops :)
 
The other features are probably more than you need, but Zentyal can do this with some configuration on your end.
 
I'm going to take a look at Tomato and an Asus RT-N16. It appears to fit my needs and is cheap enough to setup. I setup the Untangle box last night and got it working with the 14 day trials. I decided to provide 1.5gb/day quota to each of my kids devices(2 each). That's 180 out of 200gb allotted from ISP. I'll probably have to drop that down a bit because it doesn't leave much for the wife and I. I may also give them a monthly quota instead of a daily. So when they blow through the GB's in a week they will have none until the next month. This could turn out to be a great life lesson tool. Similar to someone blowing their paycheck and having to wait for the next one. Since the GB's in my house carries more weight than money I'm going to institute an allowance that is paid by GB's. I'll give them more GB's for doing chores and getting good grades on their report card. :p
 
Is there overages? I know there are some that have Data Limits, but there aren't overages, just warnings that you exceeded, with consequences after a few times.

Just thought I would ask. Back on Topic I would suggest untangle as well.
 
Yes, unfortunately there are overages. $10/50gb. We can pre-purchase more data for a discount. My overhead for TV, internet, and cell phones is already close to $500/mo.
 
As much as a fan of Untangle I am (for other reasons such as malware control).....I encourage you to find several articles over at Tim Higgins "SmallNetBuilder" site, they're called something like "Tame the Network Bandwidth Hogs". There are several articles named similar, some comparing other "off the shelf products"...but one or two focus specifically on PFSense.

There's also a great add-on for PFSense called "BandwidthD" which breaks down each users consumed traffic better.

If you're going to stick with the Asus router, there is an aftermarket firmware called "Asus Merlin" firmware. (Also Google up an article on that over at SmallNetBuilder). Encourage you to look at that firmware and its added features.
 
My PFSense box was working great with BandwidthD. Lightning had other plans. I may get another Alix device or load PFSense on the box I currently have running Untangle. My first choice is to use a small device rather than a tower with a PSU. I have enough power consuming devices in my house as it is.

I've not heard of Merlin, I'll have a look.
 
Last edited:
My PFSense box was working great with BandwidthD. Lightning had other plans. I may get another Alix device or load PFSense on the box I currently have running Untangle. My first choice is to use a small device rather than a tower with a PSU. I have enough power consuming devices in my house as it is.

I've not heard of Merlin, I'll have a look.

My favorite platform for PFSense that I ran for years.....
An old IBM Thinkpad laptop. I used a T20 and T40 series for many years. IBM uses solid onboard NICs (important if you really want to use the bandwidth shaping features in PFSense well)...and just jam in a PCMCIA NIC for the second NIC. And of course since it's the most traditional biz grade laptop out there, all onboard components are very well standardized and supported well in *nix (or freeBSD in PFSenses case...cuz if you call PFSense a linux distro linux purists will rip your head off since FreeBSD is different)

What's nice about using a laptop for firewall?
*Built in KVM
*Small form factor
*Low power consumption and noise
*Built in battery backup!

Using an old IBM Thinkpad T series...they're the Ford F350 pickup trucks of the laptop world...so they last forever.
 
I certainly have enough junker laptops hanging around I could do the same. It's shaping up to be a good day. I was able to unbrick the e3000 this morning. I took another look at the pfsense Alix device and was able to switch the WAN port that was fried to the 3rd NIC on the Alix. Now I can use the pfsense again. I had previously setup traffic shaping to limit the kids bandwidth usage. Going to see if I can setup some quotas. Looks like I'll be tweaking the home network during the pending snow storm tomorrow. The Asus is also due to arrive today so I may give that a look as well.
 
One word: OpenDNS

Open DNS is great for what it does and being free , but my kids know enough to change DNS servers and IP addresses. I needed something that will allow time limits, bandwidth control, and quotas by MAC address. Untangle is working great but when the trial runs out in 2 weeks, I'll need to use something else. Right now it looks like the Asus RT-N16 with EasyTomato or PFSense is my best option. I will be loading the Sophos software mentioned in the other thread. Did not know about that. Looks like a viable alternative.
 
Open DNS is great for what it does and being free , but my kids know enough to change DNS servers and IP addresses..

You could put them on Standard user accounts (not administrative) and take away their "right" to change LAN settings.

RUN>GPEDIT.MSC

User Configuration/Administrative Templates/Nework/Network Connections ...Set "Prohibit Access to properties of a LAN connection" to ENABLE

These are Windows 7 settings...Not sure how it would look in XP, Vista or 8
 
I wanted to let everyone know what I ended up doing here. Untangle proved to be the best solution and provided the most versatility for configuring restrictions for my teens. Playing with the quotas, QoS, and Captive Portal were all fun over the holiday break.:D However, I can not see shelling out $540/yr for this in my home. I even signed up with Untangle as an MSP and can get the package on NFR for $199/yr but it's still too much for my home network. I'm actually setting up Untangle for two clients who have satellite internet and need to control bandwidth for employees. 25gb/mo for a business with 10 employees is not much. Untangle will work perfect for this.

Enter Gargoyle firmware and a $50 TP Link gigabyte wireless router. I did have to do some searching for a compatible hardware version under v2 but found it at Newegg. Flashed the firmware to the TP link and I now have a perfect and inexpensive solution for my home network. Quotas can be setup for daily, weekly, or monthly time frames. I created several IP ranges for each kid and put a total 50gb quota on all devices for each kid. This way I don't have to manage each device which would have been 6 total. I only needed to setup 2 quotas total. This in addition to time restrictions ensures they don't waste their life away on the interwebs.

Gargoyle is an openwrt firmware and works with several low end routers. I also found out my cable company was shorting me 50GB/mo because they did not include the telephone service with them. So I have 250GB/mo and a way to control it with all users.:)
 
I wanted to update this thread with my experiences in controlling my teens and their devices over the past year. My daughter just got her cell phone back after having it taken away for close to a year. I had to get police involved with an issue that required I take her phone away. I won't go into details but I'm sure you can imagine what I'm referring to. My daughter is a honor student as well, so don't let the shy introverted personality fool you when raising your own children. I've taken an approach to block everything except for approved access only. This includes times, numbers of friends, downloaded apps, email, etc... I set restrictions on her phone so that only apps can be deleted by me. Apps can also only be installed with a password but there is a flaw in iTunes setup that allows you to download a previously purchased app without the password. So at least I'll see what has been installed when reviewing phone use.

My son will still waste his entire day playing games online if I let him. Hence the reason for this update. I recently had to upgrade a clients Sonicwall to a new model after some changes in their network. I kept the old unit and decided to renew the security suite license and install it at my house. Imagine the look of horror on my son's face when I came home and set it on the kitchen table. :D He is 17 now and has been helping me do some work in the field like cabling and basic network stuff so he hears me talk to clients about network security and knows what a Sonicwall is because they use them in the schools. I first installed it and did not set any policies other than putting him on his own subnet. I can only imagine the garbage his computer has on it. I don't touch it, it's all his. If it breaks, he figures out how to fix it. If it's infected, the only help I will offer is "I guess you need to wipe and reload". He was previously subnetted with his own router because I caught him changing his MAC address to get around the Gargoyle restrictions. I admit I was proud he took initiative to learn but disappointed it was for the wrong reasons. Anyway, looking through the Sonicwall logs I see a bunch of VPN activity and anonymizer activity. After a couple of days of watching I set the policies.

The first policy I set was CFS for a bunch of categories he doesn't need access to. I then added a slew of URL's I don't like and don't want him visiting. I then set a schedule of when his subnet has WAN access. 12-4pm and 6-11pm. This is more than I want to allow but it is summer so I'm being generous. When school starts back, it will be restricted a lot more. I also added some bandwidth throttle because he will consume 100% if I let him. When reviewing the App Flow monitor I notices a lot of torrent traffic. Blocked! The last thing I wanted to restrict is bandwidth quota. The Gargoyle was great for this since I can set a GB limit and it will track it on a period I specify. Sonicwall is lacking in this aspect. The only way I could do it is with Guest Services. It's not ideal but it works. Setting up Guest Services basically requires a browser login for Internet Access. It then provides a session length with a MB quota, currently set to 999MB. A session can't have more than 1GB.

I also have the wifi setup with VLAN's for both kids subnets. I use a Ubiquiti AP which works real well with Sonicwall VLAN's.

So that's basically it, for now. Interested in what others are using to control their kids or clients kids.
 
I'm STILL just running Tomato firmware on the e3000 router....for the QoS and bandwidth choking.
The boy moves out in 1 month...getting his first apartment, so I can relax the bandwidth choking as he was the huge downloader.

As for the daughter, age 12, she's more into youtube videos, minecraft, and texting/snapchat/etc on her cell phone. Honesty and directly asking her is her moms approach. Not going to spend my time and effort doing some "big brother is watching" thing at home.
 
Back
Top