How to protect your children from porn

German translation here.

Why am I doing this?

My daughter will start to use the Internet. A horrible vision. The best idea is to just do it together with her and teach her to use the Internet the right way. Okay, but I also want a secure way to allow my daughter to use the Internet when I am not at home.

For this reason I thought about using a proxy server with a filter engine in my home network. After a short search I decided to give IPFire a try. But I wanted it to be power-saving, without installing a PC, easy to maintain, and (of course) as cheap as possible. In the following I will describe my journey to configure IPFire with SquidGuard on an embedded device.

The Hardware

After a little bit of duckduckgoing 😉 I found the ALIX board from PC Engines. PC Engines is a Swiss manufacturer, and you have to find a reseller to get the hardware. In my case it was Varia-store.com. After playing with the system for a while I saw that the board is really ultra-slow and that it is not possible to install SquidGuard on it without modifying the underlying Linux system. The reason for that was the CompactFlash card which is used as storage. If you have many write accesses to the CompactFlash card, you will have to replace the card once per year.

After that experience I sent it back and ordered an APU 1D4 system, also from PCEngines.ch, with 16 GB of mSATA storage. This system fits my requirements, so I will now describe how to set up IPFire on that hardware and configure it to keep porn and criminal content out of your house.

Before we start, I will present the hardware with a few pictures. In addition to the board, I bought a USB serial adapter with a serial cable to connect to the device.


It was a little bit tricky to install the cooling assembly (the blue board on the left side of the picture with all components). Here you will find short instructions.

Serial Connection

First you have to configure the serial connection to the APU device. Connect your USB serial adapter and start the Device Manager and a terminal client of your choice (you can download it as a portable version). Do not start the ALIX system. In the Device Manager you can see which COM port is used for the adapter.

COMPort

As a RoyalTS fan I use this tool to connect to the APU system. Create a serial connection, select the COM port and set a baud rate of 115200 baud.

Capture_SerialPortConfig

After opening the connection, you can connect the APU board to power and start it up. When everything is fine, you see the startup of your APU board, and after a while you can see the following screen.

Capture_Connected

Install the Image

I first tried to download the IPFire image directly with iPXE, but it failed. The download was successful, but the boot menu didn't open. So I decided to install IPFire from a USB stick.

  • Download Win32 Disk Imager from here
  • Then download the IPFire serial console image from here

Then use "Win32 Disk Imager" to write the image to the USB stick.

Capture_WinImage

After that press "b" or "c" in the APU console and afterwards "E" to save this to the BIOS. Then you can access the boot menu and start your APU from the USB stick. The IPFire system will start. It may be necessary to restart the APU, after which IPFire will start again. No worries, just do it 😉

Install and configure IPFire

After a while, IPFire will start with its setup installer. First you have to configure the keyboard language, region, the hostname of the IPFire system and the domain name.

After that you have to specify the passwords for the root user and for the admin user you use to access the web console.

The next step is to configure the network type. For a standard APU system you can use GREEN + ORANGE + RED. GREEN is for your internal network, ORANGE for a DMZ and RED for the public network (the uplink to your router). If you want to use one interface for a WLAN you can choose BLUE instead of ORANGE (which will give you other options for the interface in the administration console). It is also possible to add a WLAN adapter to the APU; in this case you can choose GREEN+RED+ORANGE+BLUE.

The next step is to assign the physical network cards to the configurations. In my case the lowest MAC address was the network card on the left side (near the serial port). I assigned the NICs to the configurations and labeled the APU afterwards.

Capture_SSH_IPFire_Setup08_CardOverview.PNG

WP_20160520_12_21_10_Rich.jpg

After assigning the NICs you have to configure the IP addresses in the "Address Settings". In my case, the router is configured to 192.168.24.1. I configured the RED interface to 192.168.24.2 and assigned 192.168.25.2 to ORANGE and 192.168.26.2 to GREEN. Below you see the static configuration of my RED interface.

Capture_SSH_IPFire_Setup13_AdressSettingsREDIP

Now you have to configure the DNS and gateway server. In a normal home network you can use your router as DNS server; it will forward the DNS requests to a public DNS server.

Capture_SSH_IPFire_Setup15_DNSAndGateway

The last step is to configure the DHCP server. You can modify the configuration in the administration console afterwards, but it is useful to do an initial configuration to test the network interfaces.

Capture_SSH_IPFire_Setup16_DHCPServer

After configuring the DHCP server the APU will reboot and your IPFire system is configured. Now connect the RED interface to your home network, and a test system to the GREEN interface to do the configuration.

The configuration

To open the admin interface you have to call the URL…

https://<ipaddress>:444

… and log on with the previously configured admin account.

The Proxy configuration

To enable the proxy server you have to navigate to "Network -> Webproxy". Activate the option "Enable on green" to activate the proxy. With the option "transparent on green" the IPFire system will redirect all HTTP traffic through the proxy without the need to configure the proxy on every end-user device.

IPFire-Proxy02

If you have a system with a little bit more power you can increase the "Number of filter processes". For my APU system I used the following values:

IPFire-Proxy03.PNG

Proxy filter configuration

After activating the proxy server, you can configure the proxy filter.

Navigate to shallalist.de (or a list provider of your choice) and download the current version of the list.

Then go to "Network -> URL Filter" in your IPFire configuration site, scroll down to "URL filter maintenance -> Blacklist update" and import the blacklist. Depending on your system, that could take a while.

IPFire-URLFilter01

After the import of your blacklist you have to scroll up. The list "URL filter categories" is now refreshed and shows all categories provided by your filter list. Select the categories you want to block.

IPFire-URLFilter02

Scroll down and click on "Save & Restart".

Now you can open a web browser window and try to open a URL which should be blocked.

IPFire-URLFilter03

If this was successful, you can scroll down again and configure the "automatic blacklist update".
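How the imported category lists and the selected categories decide whether a test URL is blocked, as an added example that is not part of the original post and not IPFire's or SquidGuard's own code. It assumes each category ships a plain `domains` file and that a listed domain also covers its subdomains; the category names, domains and the selection are constructed.

```python
from urllib.parse import urlsplit

# Constructed sample: category name -> contents of that category's "domains" file.
SAMPLE_LISTS = {
    "porn": "adult-example.test\nvideos.example-xxx.test\n",
    "gamble": "casino-example.test\n",
    "news": "news-example.test\n",
}

def load_categories(lists):
    """Parse each domains file into a set of lower-cased domain names."""
    parsed = {}
    for category, text in lists.items():
        domains = set()
        for line in text.splitlines():
            line = line.strip().lower().rstrip(".")
            if line:
                domains.add(line)
        parsed[category] = domains
    return parsed

def host_of(url):
    """Return the lower-cased host of a URL; bare hostnames are accepted too."""
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").rstrip(".")

def blocked_category(url, categories, selected):
    """Return the selected category listing the host or a parent domain, else None."""
    labels = host_of(url).split(".")
    # Assumption: www.a.test is checked as www.a.test, a.test and test (whole labels only).
    candidates = {".".join(labels[i:]) for i in range(len(labels))}
    for category in sorted(selected):
        if candidates & categories.get(category, set()):
            return category
    return None

if __name__ == "__main__":
    cats = load_categories(SAMPLE_LISTS)
    selected = {"porn", "gamble"}  # assumed selection in "URL filter categories"
    for url in ("http://www.adult-example.test/x",   # subdomain of a listed domain
                "http://notadult-example.test/",     # shares a suffix, not a label
                "http://example-xxx.test/",          # only a subdomain is listed
                "http://news-example.test/",         # listed, category not selected
                "CASINO-EXAMPLE.TEST"):
        print(url, "->", blocked_category(url, cats, selected))
```

When testing the real filter from a browser, the same kinds of cases are worth trying: a subdomain of a listed domain, a look-alike name, and a domain from a category you did not select.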

 

 

 

 


3 thoughts on "How to protect your children from porn"

  1. Very nice article, but maybe you should switch the block message to German.
    And maybe swap IPFire for pfSense 😉
    Alternatively, separate the networks as well, to avoid the situation where, exactly the one time you want to do something yourself, the filter gets in your way and you end up switching everything off again.
    So it is better to apply the filter to IP addresses or network segments, or to complete VLANs right away.

    just my 2 cents


    • Hi,
      yes, I also tested pfSense, as well as IPCop. In the end they all serve their purpose. Further fine-tuning can of course be done, but I did not want to describe that in a blog article as well; the point here is to keep it as simple as possible to begin with.
      Regards, Dave


  2. Pingback: Wie schütze ich meine Familie im Internet? | Crankdesk…
