[SOLVED] Need recommendation for router with good access control / security

Newtonian

Distinguished
Sep 9, 2013
33
0
18,530
I'm in the market for a new router with the following criteria. Can people point me in the right direction?
  • Security: solid firewall
  • Good access control: whitelist feature a must
  • VLAN
  • App-based parental control: so my wife wouldn't have to log on to the web interface to moderate internet use
  • DD-WRT flashing feasibility is a plus but not a must
I currently have Verizon G1100. It's a reliable router, but lacks the whitelist feature. Parental control doesn't quite work without whitelist, because kids can easily change the MAC address and G1100 will think it's a new device and give it free rein.

Last but not least, NO TP-Link. I've had it with TP-Link. I have Archer C2300, and its 2.4 GHz Wi-Fi constantly refuses to accept connection, which doesn't get fixed even after firmware. Have no trust in the brand.
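
The whitelist point in the post above, as an added example that is not part of the original thread: a default-allow blocklist and a default-deny allowlist evaluated over the same DHCP leases, plus a review pass that flags unlisted MACs. All MAC addresses, hostnames and profile names are constructed for illustration.

```python
"""Allowlist vs. blocklist MAC policy, run over constructed DHCP lease records."""

# Constructed sample data; every MAC, hostname and profile name is hypothetical.
RESTRICTED = {"3c:22:fb:10:20:30"}                  # blocklist model: only these are limited
ALLOWED = {"3c:22:fb:10:20:30": "kids-restricted",  # allowlist model: MAC -> profile
           "a4:83:e7:aa:bb:cc": "adult"}
LEASES = [  # (time, MAC, client-supplied hostname)
    ("18:02", "3C-22-FB-10-20-30", "kid-laptop"),
    ("18:05", "a4:83:e7:aa:bb:cc", "parent-phone"),
    ("21:40", "02:11:22:33:44:55", "kid-laptop"),   # same machine, new MAC
]

def normalize(mac):
    return mac.strip().lower().replace("-", ":")

def locally_administered(mac):
    # Bit 0x02 of the first octet marks a software-assigned (non-vendor) address.
    return bool(int(normalize(mac)[:2], 16) & 0x02)

def blocklist_policy(mac):
    # Default-allow: anything not listed is treated as a new, unrestricted device.
    return "restricted" if normalize(mac) in RESTRICTED else "full-access"

def allowlist_policy(mac):
    # Default-deny: anything not listed gets nothing until an admin adds it.
    return ALLOWED.get(normalize(mac), "denied")

def review(leases):
    """Return one finding per lease whose MAC is not on the allowlist."""
    seen, findings = {}, []
    for when, mac, host in leases:
        mac = normalize(mac)
        if mac not in ALLOWED:
            reasons = ["unknown MAC"]
            if locally_administered(mac):
                reasons.append("locally administered address")
            if host in seen and seen[host] != mac:
                reasons.append(f"hostname previously seen on {seen[host]}")
            findings.append((when, mac, reasons))
        seen.setdefault(host, mac)
    return findings

if __name__ == "__main__":
    for _, mac, host in LEASES:
        print(host, normalize(mac), blocklist_policy(mac), allowlist_policy(mac))
    for finding in review(LEASES):
        print("REVIEW", finding)
```

Hostnames are supplied by the client, so the hostname match is a hint for review, not proof of which device it is.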
 

kanewolf

Titan
Moderator
If you have TV or phone, you have to keep the G1100.
 

USAFRet

Titan
Moderator
Parental controls via the router are as much a social issue as a technical issue.

"Dude - the router is set to disallow blah blah. Please don't try to circumvent this. If we find out (and we will), we'll simply cut off ALL internet access. After, other consequences may apply."

A sufficiently motivated person can get around all sorts of parental restrictions, no matter how good the router is.
That's when the 'other consequences' come into play.

This is similar to "Stay out of the beer fridge."


And yes, if you have TV service via FiOS, the G1100 needs to be in there somewhere. That is what talks to the STBs.


The functionality you seek could be done with an inexpensive PC/laptop and something like pfSense.
But given physical access in the house....all bets are off.
 
How fast is your internet connection? All the things you talk about use a lot of CPU power, and routers have less than most cell phones.

VPN on most routers caps it to about 30 Mbps. Firewall rules depend on how many and how fancy they are, but just turning the firewall feature on disables the NAT hardware CPU bypass function and that will cap your rate under 300 Mbps with no rules.

pfSense on a small PC is one of the more popular methods, but there are many Linux firewall/router images.

But as mentioned, parental controls are pretty much a waste of time. I mean every kid knows about VPN and there are VPN/proxy built-in things like Google Chrome. In addition, almost all internet traffic is encrypted and even the DNS is now encrypted, so you would have to block by IP address.
The problem is sites nowadays have multiple IP addresses and many of them are owned by hosting companies, so you would have to block, say, all of Amazon hosting IPs.

Because of abuse by both the government and ISP with traffic monitoring and filters everything is designed to prevent them as well as you from snooping on traffic.
 
Solution

Newtonian


I have FiOS, which is pretty fast. Internet speed usually logs around 100 Mbps.
I don't plan to run VPN on the router itself. I have a different server for that.
 

Newtonian


I think the situation is different for everybody, and there is no one-size-fits-all solution.

My kid is getting addicted to the internet.
I'd like to know what types of content my child is being addicted to, so I can seek more tailored help.

I've also read some articles written by child experts that strongly recommend taking away children's electronics if they can't control themselves on their own.
 
You are best off trying to install monitoring/restricting software on the end devices. Again, because the data is encrypted it makes it very hard to determine what exactly is being accessed. I mean you might track an IP to Google or Amazon but that does not tell you much.