Is a Linksys RV082 sufficient

[KENNYB]

A friend of mine is looking for something that will limit internet access on 8 computers to only 5 websites. Each computer runs XP Home with no central server so a software solution is ruled out (some user's may be savvy). Also, these computers hook up to a Covad router/modem which tech support will not allow access to (Covad insists on managing it, and if we set it to default we are on our own) so messing with the Covad hardware is out of the question right now.

I have a WRT54 that i'm going to play with which i know will do what my friend needs, but he prefers a more OEM approach so a future tech can also configure the router (yeah... i know...lol). Anyway, is the Linksys RV082 sufficient? Will it do what my friend wants?

 

[cyr0n_k0r]

why get a dual wan router if you just want access restrictions?

doesn't make sense.

 

[JimmyNeutron]

A friend of mine is looking for something that will limit internet access on 8 computers to only 5 websites. Each computer runs XP Home with no central server so a software solution is ruled out (some user's may be savvy). Also, these computers hook up to a Covad router/modem which tech support will not allow access to (Covad insists on managing it, and if we set it to default we are on our own) so messing with the Covad hardware is out of the question right now.

I have a WRT54 that i'm going to play with which i know will do what my friend needs, but he prefers a more OEM approach so a future tech can also configure the router (yeah... i know...lol). Anyway, is the Linksys RV082 sufficient? Will it do what my friend wants?

Let me see if I understand you correctly. Your friend wants to limit access to eight computers to only 5 websites WHILE at the same time allow all other computers that are connected to have no rectrictions at all?
Most retails routers don't allow this level of customization. You can restrict access to when they can get onto the internet, but not sure about whitelisting those five websites only.

You may need to spend more money for a router that offers more features for parental control.

BTW, what make/model of DSL modem did Covad give you?

Thanks!

 

[KENNYB]

JimmyNeutron,
Yup, it's the reverse of what most low end home routers offer. Deny everything except 5 websites. I thought that model offered this option, but i think i'm wrong. These 8 computers will be connected to the same piece of hardware which in turn will connect to the Covad router/modem. The Covad unit has 3 other ports that will be used for unfiltered access.

This would be easier if they were running XP Pro, but since they are running XP Home it could be easy for the users (if they're savvy enough) to undue the changes.

 

[KENNYB]

I think i have a better idea. Use a free software firewall to block IP ranges. Modify the firewall so it does not show up in the system tray. Some firewalls, i know Sygate does it, will not allow internet access if its services are killed. The last obstacles are removing the firewall's entries from the install/uninstall control panel and making the install folder invisible.

The last part i forgot how to do. Does anyone remember how to make a folder invisible to NTFS? I learned how to do this about 4 years ago in a Windows 2K security class but i don't remember how to do it anymore.

 

[Dew]

In this situation(5 sites only), would it not be easier to lock down the computers so that the users cant change the network settings or the hosts file, remove DNS servers (or put in bogus ones) from the IP settings, and add the needed host entries for the 5 sites?

 

[JimmyNeutron]

Actually, I may be wrong. There are CPE modems that do offer the capability to restrict access base on their IP or MAC address.

It's not too much of the hardware, but more of the software. I checked my CPE router at home and it does have this capability. It's part of the firewall settings. I'm playing around with mine now and trying to figure out this myself; retricting access to domains.

If the CPE you're using is base on the same RTOS as mine, I can provide you with the command line, hopefully.

Telnet into your friend CPE and see if there's a command to get the OS and system information.

 

[Dew]

To answer the original question, the RV082 (assuming it has the same features in this area as my RV016) will do the job.

Create rules to allow the IP addresses of the whitelisted sites, then create a rule to block all traffic to that range. The allow rules will be processed first, allowing the sites you want, but all other sites will not fall under the IP addresses that are exempt and will be blocked.


Here is what the settings would look like:

 

[KENNYB]

In this situation(5 sites only), would it not be easier to lock down the computers so that the users cant change the network settings or the hosts file, remove DNS servers (or put in bogus ones) from the IP settings, and add the needed host entries for the 5 sites?

I think that it's not possible to lock down the systems because they are running XP Home. As soon as one worker figures out how to modify a host file its over.

 

[KENNYB]

To answer the original question, the RV082 (assuming it has the same features in this area as my RV016) will do the job.

Create rules to allow the IP addresses of the whitelisted sites, then create a rule to block all traffic to that range. The allow rules will be processed first, allowing the sites you want, but all other sites will not fall under the IP addresses that are exempt and will be blocked.

Thanks man. I think this would be the best solution. I tried what i discussed above(and it works) but since it's a convoluted process, if a system ever undergoes a reinstall or a software upgrade i will have to do the process over again. In the interest of saving time and money (since i will be compensated for my time) it's better to implement this once using the Linksys router and leave it at that.

 

[Dew]

Thanks man. I think this would be the best solution. I tried what i discussed above(and it works) but since it's a convoluted process, if a system ever undergoes a reinstall or a software upgrade i will have to do the process over again. In the interest of saving time and money (since i will be compensated for my time) it's better to implement this once using the Linksys router and leave it at that.

The disadvantage of this solution is that you will be using static IP assignments. So if webhosts change IP addresses, you will not have DNS to compensate.

 

[KENNYB]

Thanks for the help Dew. I think I'll lend my friend my modified WRT54G (DD-WRT) and see how it holds up first. It's a big difference in price and it should be up to the job of servicing 8 computers (in conjunction with a switch).

 

[Dew]

Thanks for the help Dew. I think I'll lend my friend my modified WRT54G (DD-WRT) and see how it holds up first. It's a big difference in price and it should be up to the job of servicing 8 computers (in conjunction with a switch).

The WRT54G will do fine, until someone starts using P2P. But since you are only whitelisting 5 IPs, it should be fine.