Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




1341 posts

Uber Geek
+1 received by user: 32


Topic # 148620 25-Jun-2014 10:42
Send private message

Hi does anyone know about setting up a shared internet connection for the diffrent tenants?  I have rang a ISP and they said the account holder will bear the responsibility but you can set up parental controls on the router but still ....   There are hotels,  student hostels etc.  How do they do it? 

Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2 | 3
5300 posts

Uber Geek
+1 received by user: 1498

Trusted

  Reply # 1074032 25-Jun-2014 10:53
Send private message


Scatter some wireless AP's get a decent firewall and some xxx filters etc and you should be good. Maybe want fibre for this or VDSL.

^ basic concept.

You could get 5x tplink access points. All using same ssid.
Back to a 8 port switch to a of sense firewall to the modem then to the internet. You can run your own browsing off the modem/router and be seperate from the WiFi users.

Cheers



1341 posts

Uber Geek
+1 received by user: 32


  Reply # 1074037 25-Jun-2014 11:00
Send private message

For the mods - my apologies please this thread to the appropriate place. 

Yeah, I had a look at the Snap's Fritzbox settings.  We don't need more APs cos the house isn't that large.  There is a guest setting that you can block adult content etc. 

 

There is a filter list that we can use.  We have Snap now at home.  The filter list needs to be added in manually which is not that practical unless I wanted to block Facebook.com which we aren't going to do that. 

Can one block ports like torrents?  Or anything else you guys think they should do. 

 
 
 
 


What does this tag do
862 posts

Ultimate Geek
+1 received by user: 161

Subscriber

  Reply # 1074043 25-Jun-2014 11:06
Send private message

I think this is a pretty grey area in NZ still, if not the world.
Depending on the size of this boarding house, I think the following would be pretty safe:

 

  • Sign up to a business internet plan instead of residential (i.e. Snap Business with the unmetered YouTube addon). I think ISPs are more likely to take you seriously if you are a business customer
  • Get a good 'layer 7' firewall such as a Meraki MX60 or similar to allow you to do a pretty good job of blocking Peer to peer file sharing, adult and illegal content

     

    • Meraki has a very nice web portal to log into and see how much data each device has used, hostnames they are connecting to, applications that are using the most bandwidth. You can filter/prioritise by types of traffic, types of applications, the user/device that is connecting.
    • Alternatively if it is a small area and only needed one or two APs, most of the above can be done directly in Meraki wireless APs - probably wouldn't even need a firewall.
  • Get all users to sign a internet use policy, agreeing to not do anything illegal, and that their usage may be monitored. File these away, the idea here is to show that you are being proactive about responsible internet use

EDIT: After seeing your message about only needing one access point, and that you already have a Fritz!Box, a nice solution could be a Meraki MR12 or MR18, and setup content filtering/blocking peer to peer traffic on that. You can get a free demo unit to try if you wanted. Sorry I had been envisaging a larger boarding house.

In response to your question, no, I don't think you can effectively block torrents with a conventional firewall (blocking ports), the torrent clients could just download over port 443 instead. That is where UTM/Layer 7/Application layer firewalls come in


1874 posts

Uber Geek
+1 received by user: 83

Trusted

  Reply # 1074058 25-Jun-2014 11:24
Send private message

I had this dilema a few years ago when i was a supervisor at a high school boarding school. I basically setup a PFsense firewall on an old pc, had it going through opendns to block 95% of offending websites, then checked the most visited sites in pfsense to manually block ones that were getting through.

Just had a bunch of access points as suggested all leading back to a switch that was into the pfsense firewall then out to the internet.

Torrents are a little trickier but i found blocking the sites was a fairly good deterrant and stopped most of it. Back then limewire etc was still fairly popular, pfsense actually managed to block most of that itself.

1448 posts

Uber Geek
+1 received by user: 351


  Reply # 1074070 25-Jun-2014 11:37
Send private message

Do you actually want to block torrents altogether?  Wouldn't it be a better solution (for the tenants) to speed restrict them instead?

5300 posts

Uber Geek
+1 received by user: 1498

Trusted

  Reply # 1074085 25-Jun-2014 11:40
Send private message

rayonline: For the mods - my apologies please this thread to the appropriate place. 

Yeah, I had a look at the Snap's Fritzbox settings.  We don't need more APs cos the house isn't that large.  There is a guest setting that you can block adult content etc.  There is a filter list that we can use.  We have Snap now at home.  The filter list needs to be added in manually which is not that practical unless I wanted to block Facebook.com which we aren't going to do that. 

Can one block ports like torrents?  Or anything else you guys think they should do. 


No such thing as a torrent port. It just flies through what ever one is listed or randomized :/




1341 posts

Uber Geek
+1 received by user: 32


  Reply # 1074095 25-Jun-2014 11:43
Send private message

jnimmo:
EDIT: After seeing your message about only needing one access point, and that you already have a Fritz!Box, a nice solution could be a Meraki MR12 or MR18, and setup content filtering/blocking peer to peer traffic on that. You can get a free demo unit to try if you wanted. Sorry I had been envisaging a larger boarding house.

In response to your question, no, I don't think you can effectively block torrents with a conventional firewall (blocking ports), the torrent clients could just download over port 443 instead. That is where UTM/Layer 7/Application layer firewalls come in



So this MR12 thing.  It plugs into the Friztbox with the Frizbox WiFi disabled?  I will have a look into it thanks.  Might get a demo. 

Not much room or the bother to set up a standalone PC :) 



1341 posts

Uber Geek
+1 received by user: 32


  Reply # 1074097 25-Jun-2014 11:44
Send private message

MadEngineer: Do you actually want to block torrents altogether?  Wouldn't it be a better solution (for the tenants) to speed restrict them instead?


Legal HD content?  But yeah ;-D

Well don't get into the legal torrents vs the illegal type :)

595 posts

Ultimate Geek
+1 received by user: 236

Subscriber

  Reply # 1074105 25-Jun-2014 11:46
Send private message

Hotels & commercial accommodations use zenbu, or global gossip or similar to sell WiFi.
Is that what you're after?



1341 posts

Uber Geek
+1 received by user: 32


  Reply # 1074117 25-Jun-2014 12:03
Send private message

No not Zenbu.  I had a look at the prices people purchase time credits for.  They might be ok for motels etc. but students would probably be deterred away.  $100 for 1GB.  Cheaper to sign up for a internet plan themselves but many choose not to come b/c they want it to be provided like a university halls of residence etc. 

Banana?
4081 posts

Uber Geek
+1 received by user: 870

Subscriber

  Reply # 1074125 25-Jun-2014 12:12
Send private message

With Zenbu, you can set your own pricing.

What does this tag do
862 posts

Ultimate Geek
+1 received by user: 161

Subscriber

  Reply # 1074128 25-Jun-2014 12:17
Send private message

rayonline:

So this MR12 thing.  It plugs into the Friztbox with the Frizbox WiFi disabled?  I will have a look into it thanks.  Might get a demo. 

Not much room or the bother to set up a standalone PC :) 


Yeah - you would just plug it into the Fritz and disable wifi on the Fritz. You could setup one wifi SSID for you to use, and one for the boarders.
The boarders one you could setup client isolation and block all access to your own network in the firewall.

 

Has integrated billing/per user authentication features too if you had issues with certain people using too much, can always be turned on later if it was an issue.

You can get an idea for some more of the details in the documentation
https://docs.meraki.com/display/MR/MR+Quick+Start

A couple of screenshots of useful screenshots for you:
https://meraki.cisco.com/technologies/application-qos
https://meraki.cisco.com/technologies/next-gen-firewall

I haven't personally used the Meraki APs yet but use one of their firewalls for a school and know the APs are somewhat similar in feature set.

6849 posts

Uber Geek
+1 received by user: 3163

Moderator
Trusted
Subscriber

  Reply # 1074132 25-Jun-2014 12:21
Send private message

+1 to the Meraki.

 

 

 

I can organize this if you wish - just send me a PM. Basically this is a very feature-packed router and sounds like it is the ideal solution for you.




Michael Murphy | https://murfy.nz
Want to be with an epic ISP? Want $20 to join them too? Well, use this link to sign up to BigPipe!
The Router GuideCommunity UniFi Cloud Controller | Ubiquiti Edgerouter Tutorial


3182 posts

Uber Geek
+1 received by user: 984

Subscriber

  Reply # 1074154 25-Jun-2014 12:27
Send private message

I feel like Meraki would just be a bit OTT for this situation.

The reality is there are bugger all copyright notices going around so I really wouldn't worry about it much.

I would just go Mikrotik. Set up the Hotspot and that will give you guest speed/time/quota control. Then if you really want adult filtering use OpenDNS's service but only apply it to the guest wifi network and keep a separate network for your own personal use.

A Mikrotik RB951G-2HnD is only about $120ish. Then you just just use little RB9512n as extra AP's if required. So so so much cheaper than Meraki kit!!

And if you really really want to filter torren applications etc there is the Layer 7 firewall and some other clever things in RouterOS.

5072 posts

Uber Geek
+1 received by user: 2097

Trusted
Subscriber

  Reply # 1074160 25-Jun-2014 12:37
Send private message

Some Draytek's will do content filtering + rate shaping etc.

Or go with BigPipe and hide behind their CG-NAT :)




Chorus has spent $1.4 billion on making their xDSL broadband network faster. If your still stuck on ADSL or VDSL, why not spend from $150 on a master filter install to make sure you are getting the most out of your connection?
I install - Naked DSL, DSL Master Splitters, VoIP, data cabling and general computer support for home and small business.
Rural Broadband RBI installer for Ultimate Broadband and Full Flavour

 

Need help in Auckland, Waikato or BoP? Click my email button, or email me direct: [my user name] at geekzonemail dot com


 1 | 2 | 3
Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

UAV Traffic Management Trial launching today in New Zealand
Posted 12-Dec-2017 16:06


UFB connections pass 460,000
Posted 11-Dec-2017 11:26


The Warehouse Group to adopt IBM Cloud to support digital transformation
Posted 11-Dec-2017 11:22


Dimension Data peeks into digital business 2018
Posted 11-Dec-2017 10:55


2018 Cyber Security Predictions
Posted 7-Dec-2017 14:55


Global Govtech Accelerator to drive public sector innovation in Wellington
Posted 7-Dec-2017 11:21


Stuff Pix media strategy a new direction
Posted 7-Dec-2017 09:37


Digital transformation is dead
Posted 7-Dec-2017 09:31


Fake news and cyber security
Posted 7-Dec-2017 09:27


Dimension Data New Zealand strengthens cybersecurity practice
Posted 5-Dec-2017 20:27


Epson NZ launches new Expression Premium Photo range
Posted 5-Dec-2017 20:26


Eventbrite and Twickets launch integration partnership in Australia and New Zealand
Posted 5-Dec-2017 20:23


New Fujifilm macro lens lands in New Zealand
Posted 5-Dec-2017 20:16


Cyber security not being taken seriously enough
Posted 5-Dec-2017 20:13


Sony commences Android 8.0 Oreo rollout in New Zealand
Posted 5-Dec-2017 20:08



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.