OpenDNS provides a way to secure your internet so that kids will not be allowed to visit sites YOU don't want them to visit.
Frankly speaking I don't know how effective this is because if they have laptop and they connect to internet from sat StarBucks. There's no way you can control which sites they visit when they are their. Or limiting their access to social networking sites like Facebook.
However if your goal is to protect them when they are on your network then read on.
You need to subscribe to OpenDNS package and configure your access on OpenDNS Website.
e.g. If you are pretty strict you would restrict ALL Email sites which blocks access to Gmail, Yahoo Mail and all well known email websites.
The next task is to tell your router to redirect requests to ALL domains to OpenDNS servers rather than say Google or your ISP DNS servers so that OpenDNS could actually filter results based on your restrictions rather than being open to the world.
Here's the screenshot of settings under OpenWRT. Ignore the last 2 entries, those are actually Google DNS servers and remember that listing dozens of DNS servers is actually useless. Only first 3 entries will be used to resolve the Website IP addresses.
One would think that we are done at this step. But then we will be underestimating the kids. Because every computer maintains the DNS servers the computer can talk to regardless of what the router configuration says.
Which means configuring each machine to use 192.168.1.1 or the router as the DNS server. That works very well too until the Computer users can modify the list of DNS servers on Linux it's /etc/resolv.conf where the list of DNS servers can be provided thus bypassing the settings at router.
For that OpenDNS has a solution. Configure the firewall to REJECT all requests to outside DNS servers.
Configure the router to REJECT any TCP+UDP requests from any host in the LAN to any host in WAN on port 53. Thus if DNS servers are using the standard port 53, no hosts in your network can send requests to them.
Again if you are using OpenDNS this can be achieved by going to Network -> Firewal -> Traffic Rules and creating a new rule shown in the picture below.
Once you create the new rule do not forget to Save and Apply under OpenWRT.
Good luck!
Frankly speaking I don't know how effective this is because if they have laptop and they connect to internet from sat StarBucks. There's no way you can control which sites they visit when they are their. Or limiting their access to social networking sites like Facebook.
However if your goal is to protect them when they are on your network then read on.
You need to subscribe to OpenDNS package and configure your access on OpenDNS Website.
e.g. If you are pretty strict you would restrict ALL Email sites which blocks access to Gmail, Yahoo Mail and all well known email websites.
The next task is to tell your router to redirect requests to ALL domains to OpenDNS servers rather than say Google or your ISP DNS servers so that OpenDNS could actually filter results based on your restrictions rather than being open to the world.
Here's the screenshot of settings under OpenWRT. Ignore the last 2 entries, those are actually Google DNS servers and remember that listing dozens of DNS servers is actually useless. Only first 3 entries will be used to resolve the Website IP addresses.
One would think that we are done at this step. But then we will be underestimating the kids. Because every computer maintains the DNS servers the computer can talk to regardless of what the router configuration says.
Which means configuring each machine to use 192.168.1.1 or the router as the DNS server. That works very well too until the Computer users can modify the list of DNS servers on Linux it's /etc/resolv.conf where the list of DNS servers can be provided thus bypassing the settings at router.
For that OpenDNS has a solution. Configure the firewall to REJECT all requests to outside DNS servers.
Configure the router to REJECT any TCP+UDP requests from any host in the LAN to any host in WAN on port 53. Thus if DNS servers are using the standard port 53, no hosts in your network can send requests to them.
Again if you are using OpenDNS this can be achieved by going to Network -> Firewal -> Traffic Rules and creating a new rule shown in the picture below.
Once you create the new rule do not forget to Save and Apply under OpenWRT.
Good luck!


