How To Set Up Parental Controls On Toastman's Tomato Firmware for WNR3500L

The Internet is a scary place. Now, I'm not a parent yet--but if I were, I'd want to at least try to impose some realistic limits on the internet for my kids. I'm not into shielding kids from too much, but some things (and some sites) just cannot be un-seen, as you may possibly know but not care to admit. Plus, it's probably nice to know that your kids can't browse the Internet a 3 in the morning when they have school in only a few hours.

Fortunately, if you have a WNR3500L, you can use Toastman's excellent Tomato firmware build to set up a variety of settings to restrict Internet access on your router. Here's how.

If you haven't snagged the latest version of Toastman's Tomato build for your WNR3500L, you'll need it to proceed. Click here to download it, and here for information on how to install it before proceeding.

[Purchase a NETGEAR WNR3500L]

Monitoring Web Usage

If you don't want to restrict usage in your household--but would like an idea of what's going on, this firmware has the ability to track virtually all Internet activity going through the router. It's automatic and easy to set up.

Head over to the administration panel, then "Logging." Simply check the "Monitor Web Usage" option. You can select to monitor all machines, or select an individual machine, as well as how many line items to remember.

In this way, you can see what sites are being accessed by your Internet connection.

Blocking Access Entirely

These days, it's probably an extremely severe form of punishment to banish a kid from the Internet. I know if I had to go without for more than a day, I'd probably explode. Here's how to block access entirely to a certain machine.

Head to the Basic => Wireless Filter panel. From here, you can enter the MAC address of the unique machine or machines you would like to add to the block list.

Unsure which devices are which? You can head to the Basic => Device List panel and see the MAC and IP addresses of each device connected to your network, sometimes with a device name or description.

Of course, there are probably creative ways around this MAC address restriction, but if your kid figures out how to do this, perhaps they have a career in programming, engineering, or a similar geeky field ahead of them :)

Scheduled Access Restriction

You can also restrict access by day and time. This is useful if you actually want your kids to go to bed at a certain time instead of staying up and playing Minecraft all night, which is what I would have done had Minecraft existed in the 80's.

In the Access Restriction panel, you have the ability once again to set up rules for all machines or for specific MAC addresses. You can set up a time and date schedule to restrict access. Pretty simple!

Restricting Certain Sites or Activities

Perhaps you don't care as much about scheduling timed restrictions, but more about certain sites--say your child is particularly fond of Miniclip and they are now grounded from it, or there was a particularly nefarious domain you caught them peeping at once.

Simply uncheck the "Block All Internet Access" option at the bottom of the Access Restrictions screen and you'll see a whole new pane of options pop up. There's a TON of custom options available here--you can block certain sites or certain types of traffic (e.g., P2P, etc.)

Conclusions

In addition to being a robust firmware on its own, I was surprised to see the multitude of restriction options in this firmware. It's so easy to use and install, and with these options, I can heartily recommend it as a firmware ideal for family home use.

[Purchase a NETGEAR WNR3500L]

DigitaLasagna
DigitaLasagna's picture
You could also use opendns

You could also use opendns.com for more granular or broad approach.  

Setup your free OpenDNS account on www.opendns.com

There are a variety of options, but there is a free one.  You can configure logging if you want.  Additionally you can set a level of things to block.  The advantage here is that you could block things you don't know about.  A blacklist/whitelist works only if you know everything one might search for. 

Make sure to setup the option to allow for dynamic ip updates:

Settings -> Advanced Settings ->  check Enable Dynamic IP Update

 

Setup Tomato to automatically use OpenDNS servers

Tomato makes it really easy.  Using the DDNS and setup OpenDNS. 

Basic -> DDNS -> OpenDNS

I only have 1 network, so I left Network blank.  If you want to use OpenDNS as your default DNS Servers (you probably do) then select this.

 

Now, a saavy person can just change their DNS settings.  There might be a tool you could use, or even group policy to prevent users from changing it but I don't know.

DigitaLasagna
DigitaLasagna's picture
Additionally, if you wanted

Additionally, if you wanted to have free unfettered internet use for.. adult purposes.. you could just change your DNS servers on your TCP connection. This would bypass opendns but still leave it set for the network.

Striatum
Striatum's picture
DigitaLasagna said:

DigitaLasagna said: Additionally, if you wanted to have free unfettered internet use for.. adult purposes.. you could just change your DNS servers on your TCP connection. This would bypass opendns but still leave it set for the network.

It is not recommanded to enable DNS bypassing, as kids will rapidly find via google that setting different DNS servers on their computers will bypass your protection....

So you must check 'intercept port 53' on the DNS page, so every DNS query going through port 53 will go through OpenDNS. And evidently DNS servers must be set to OpenDNS ones....

In addition, you must add 'strict-order'  in the 'Custom dnsmasq'  area (DNS page of Tomato GUI), instead Tomato could use randomly the static DNS servers or those provided by your ISP eventually.

On your OpenDNS dashboard you can define a whitelist if you wish to access to specific sites that would be blocked. I recommand to check 'Anonymizers' category in you filtering OpenDNS profile.

And above all your kids mustn't have Admin privileges on their computers..... so they can't install free VPN clients, or Tor etc... This basic is often forgotten....

sieghart
sieghart's picture
I know a software that is a

I know a software that is a good parental control also it is easy to use. It has different features for monitoring like screen monitoring that take accurate picture of what a person do during using the computer. It can also monitor which website, document, application that is actively being use and where does the person spend time most. It is called time doctor for more information about this software click here.

magdiel1975
magdiel1975's picture
Hi..

Hi..
Avast came out with Internet Security and it has a feature called "Secure DNS".. if this feature is enabled, it bypasses ANY DNS setting the router has and replaces it with Avast DNS server...even with port 53 enabled in Tomato..

Is there a way to prevent any software to be able to do this?.. I see this as a loophole to those who want to bypass OpenDNS or any other dns service for that matter.

magdiel1975
magdiel1975's picture
duplicate.

duplicate.

kk74
kk74's picture
Does anyone know if there is

Does anyone know if there is a solution to the following:
When using a vpn on tomato firmware access restriction does not work.

magdiel1975
magdiel1975's picture
Hi..

Hi..
Avast came out with Internet Security and it has a feature called "Secure DNS".. if this feature is enabled, it bypasses ANY DNS setting the router has and replaces it with Avast DNS server...even with port 53 enabled in Tomato..

Is there a way to prevent any software to be able to do this?.. I see this as a loophole to those who want to bypass OpenDNS or any other dns service for that matter.

magdiel1975
magdiel1975's picture
duplicate.

duplicate.

kk74
kk74's picture
Does anyone know if there is

Does anyone know if there is a solution to the following:
When using a vpn on tomato firmware access restriction does not work.