Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




1661 posts

Uber Geek


#148620 25-Jun-2014 10:42
Send private message

Hi does anyone know about setting up a shared internet connection for the diffrent tenants?  I have rang a ISP and they said the account holder will bear the responsibility but you can set up parental controls on the router but still ....   There are hotels,  student hostels etc.  How do they do it? 

Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2 | 3
6615 posts

Uber Geek
Inactive user


  #1074032 25-Jun-2014 10:53
Send private message


Scatter some wireless AP's get a decent firewall and some xxx filters etc and you should be good. Maybe want fibre for this or VDSL.

^ basic concept.

You could get 5x tplink access points. All using same ssid.
Back to a 8 port switch to a of sense firewall to the modem then to the internet. You can run your own browsing off the modem/router and be seperate from the WiFi users.

Cheers



1661 posts

Uber Geek


  #1074037 25-Jun-2014 11:00
Send private message

For the mods - my apologies please this thread to the appropriate place. 

Yeah, I had a look at the Snap's Fritzbox settings.  We don't need more APs cos the house isn't that large.  There is a guest setting that you can block adult content etc. 

 

There is a filter list that we can use.  We have Snap now at home.  The filter list needs to be added in manually which is not that practical unless I wanted to block Facebook.com which we aren't going to do that. 

Can one block ports like torrents?  Or anything else you guys think they should do. 

 
 
 
 


What does this tag do
1026 posts

Uber Geek

Subscriber

  #1074043 25-Jun-2014 11:06
Send private message

I think this is a pretty grey area in NZ still, if not the world.
Depending on the size of this boarding house, I think the following would be pretty safe:

 

  • Sign up to a business internet plan instead of residential (i.e. Snap Business with the unmetered YouTube addon). I think ISPs are more likely to take you seriously if you are a business customer
  • Get a good 'layer 7' firewall such as a Meraki MX60 or similar to allow you to do a pretty good job of blocking Peer to peer file sharing, adult and illegal content

     

    • Meraki has a very nice web portal to log into and see how much data each device has used, hostnames they are connecting to, applications that are using the most bandwidth. You can filter/prioritise by types of traffic, types of applications, the user/device that is connecting.
    • Alternatively if it is a small area and only needed one or two APs, most of the above can be done directly in Meraki wireless APs - probably wouldn't even need a firewall.
  • Get all users to sign a internet use policy, agreeing to not do anything illegal, and that their usage may be monitored. File these away, the idea here is to show that you are being proactive about responsible internet use

EDIT: After seeing your message about only needing one access point, and that you already have a Fritz!Box, a nice solution could be a Meraki MR12 or MR18, and setup content filtering/blocking peer to peer traffic on that. You can get a free demo unit to try if you wanted. Sorry I had been envisaging a larger boarding house.

In response to your question, no, I don't think you can effectively block torrents with a conventional firewall (blocking ports), the torrent clients could just download over port 443 instead. That is where UTM/Layer 7/Application layer firewalls come in


1874 posts

Uber Geek

Trusted

  #1074058 25-Jun-2014 11:24
Send private message

I had this dilema a few years ago when i was a supervisor at a high school boarding school. I basically setup a PFsense firewall on an old pc, had it going through opendns to block 95% of offending websites, then checked the most visited sites in pfsense to manually block ones that were getting through.

Just had a bunch of access points as suggested all leading back to a switch that was into the pfsense firewall then out to the internet.

Torrents are a little trickier but i found blocking the sites was a fairly good deterrant and stopped most of it. Back then limewire etc was still fairly popular, pfsense actually managed to block most of that itself.

2106 posts

Uber Geek

Trusted

  #1074070 25-Jun-2014 11:37
Send private message

Do you actually want to block torrents altogether?  Wouldn't it be a better solution (for the tenants) to speed restrict them instead?

6615 posts

Uber Geek
Inactive user


  #1074085 25-Jun-2014 11:40
Send private message

rayonline: For the mods - my apologies please this thread to the appropriate place. 

Yeah, I had a look at the Snap's Fritzbox settings.  We don't need more APs cos the house isn't that large.  There is a guest setting that you can block adult content etc.  There is a filter list that we can use.  We have Snap now at home.  The filter list needs to be added in manually which is not that practical unless I wanted to block Facebook.com which we aren't going to do that. 

Can one block ports like torrents?  Or anything else you guys think they should do. 


No such thing as a torrent port. It just flies through what ever one is listed or randomized :/




1661 posts

Uber Geek


  #1074095 25-Jun-2014 11:43
Send private message

jnimmo:
EDIT: After seeing your message about only needing one access point, and that you already have a Fritz!Box, a nice solution could be a Meraki MR12 or MR18, and setup content filtering/blocking peer to peer traffic on that. You can get a free demo unit to try if you wanted. Sorry I had been envisaging a larger boarding house.

In response to your question, no, I don't think you can effectively block torrents with a conventional firewall (blocking ports), the torrent clients could just download over port 443 instead. That is where UTM/Layer 7/Application layer firewalls come in



So this MR12 thing.  It plugs into the Friztbox with the Frizbox WiFi disabled?  I will have a look into it thanks.  Might get a demo. 

Not much room or the bother to set up a standalone PC :) 

 
 
 
 




1661 posts

Uber Geek


  #1074097 25-Jun-2014 11:44
Send private message

MadEngineer: Do you actually want to block torrents altogether?  Wouldn't it be a better solution (for the tenants) to speed restrict them instead?


Legal HD content?  But yeah ;-D

Well don't get into the legal torrents vs the illegal type :)

822 posts

Ultimate Geek

Lifetime subscriber

  #1074105 25-Jun-2014 11:46
Send private message

Hotels & commercial accommodations use zenbu, or global gossip or similar to sell WiFi.
Is that what you're after?



1661 posts

Uber Geek


  #1074117 25-Jun-2014 12:03
Send private message

No not Zenbu.  I had a look at the prices people purchase time credits for.  They might be ok for motels etc. but students would probably be deterred away.  $100 for 1GB.  Cheaper to sign up for a internet plan themselves but many choose not to come b/c they want it to be provided like a university halls of residence etc. 

Banana?
4958 posts

Uber Geek

Subscriber

  #1074125 25-Jun-2014 12:12
Send private message

With Zenbu, you can set your own pricing.

What does this tag do
1026 posts

Uber Geek

Subscriber

  #1074128 25-Jun-2014 12:17
Send private message

rayonline:

So this MR12 thing.  It plugs into the Friztbox with the Frizbox WiFi disabled?  I will have a look into it thanks.  Might get a demo. 

Not much room or the bother to set up a standalone PC :) 


Yeah - you would just plug it into the Fritz and disable wifi on the Fritz. You could setup one wifi SSID for you to use, and one for the boarders.
The boarders one you could setup client isolation and block all access to your own network in the firewall.

 

Has integrated billing/per user authentication features too if you had issues with certain people using too much, can always be turned on later if it was an issue.

You can get an idea for some more of the details in the documentation
https://docs.meraki.com/display/MR/MR+Quick+Start

A couple of screenshots of useful screenshots for you:
https://meraki.cisco.com/technologies/application-qos
https://meraki.cisco.com/technologies/next-gen-firewall

I haven't personally used the Meraki APs yet but use one of their firewalls for a school and know the APs are somewhat similar in feature set.

/dev/null
9289 posts

Uber Geek

Moderator
Trusted
Lifetime subscriber

  #1074132 25-Jun-2014 12:21
Send private message

+1 to the Meraki.

 

 

 

I can organize this if you wish - just send me a PM. Basically this is a very feature-packed router and sounds like it is the ideal solution for you.




4495 posts

Uber Geek

Trusted

  #1074154 25-Jun-2014 12:27
Send private message

I feel like Meraki would just be a bit OTT for this situation.

The reality is there are bugger all copyright notices going around so I really wouldn't worry about it much.

I would just go Mikrotik. Set up the Hotspot and that will give you guest speed/time/quota control. Then if you really want adult filtering use OpenDNS's service but only apply it to the guest wifi network and keep a separate network for your own personal use.

A Mikrotik RB951G-2HnD is only about $120ish. Then you just just use little RB9512n as extra AP's if required. So so so much cheaper than Meraki kit!!

And if you really really want to filter torren applications etc there is the Layer 7 firewall and some other clever things in RouterOS.

5663 posts

Uber Geek

Trusted
Lifetime subscriber

  #1074160 25-Jun-2014 12:37
Send private message

Some Draytek's will do content filtering + rate shaping etc.

Or go with BigPipe and hide behind their CG-NAT :)




Chorus has spent $1.4 billion on making their xDSL broadband network faster and even more now as they are upgrading their rural Conklins. If your still stuck on ADSL or VDSL, why not spend $195 on a master filter install to make sure you are getting the most out of your connection?
I install - Naked DSL, DSL Master Splitters, VoIP, data cabling and general computer support for home and small business.

 

Cel-Fi supply and installer - boost your mobile phone coverage legally
Rural Broadband RBI installer for Ultimate Broadband and Full Flavour

 

Need help in Auckland, Waikato or BoP? Click my email button, or email me direct: [my user name] at geekzonemail dot com


 1 | 2 | 3
Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic



Twitter and LinkedIn »



Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Samsung Announces 2020 QLED TV Range
Posted 20-May-2020 16:29


D-Link A/NZ launches AI-Powered body temperature measuring system
Posted 20-May-2020 16:22


NortonLifeLock Online Banking Protection now available for New Zealand banks
Posted 20-May-2020 16:14


SD Express delivers new gigabyte speeds for SD memory cards
Posted 20-May-2020 15:00


D-Link A/NZ launches Nuclias cloud managed network solution hosted in Australia
Posted 11-May-2020 17:53


Logitech introduces new video streaming solution for home studios
Posted 11-May-2020 17:48


Next generation Volvo cars to be powered by Luminar LiDAR technology
Posted 7-May-2020 13:56


D-Link A/NZ launches Wi-Fi Certified EasyMesh system
Posted 7-May-2020 13:51


Spark teams up with Microsoft to bring Xbox All Access to New Zealand
Posted 7-May-2020 13:01


Microsoft plans to establish its first datacenter region in New Zealand
Posted 6-May-2020 11:35


Genesis School-gen has joined forces with Mind Lab Kids
Posted 1-May-2020 12:53


Malwarebytes expands into privacy with fast, frictionless VPN
Posted 30-Apr-2020 16:06


Kordia to donate TV airtime on Channel 200 to community groups
Posted 30-Apr-2020 16:00


OPPO A91 is a high specs mid-range smartphone
Posted 23-Apr-2020 16:44


NordVPN rolling out NordLynx new generation VPN protocol based on WireGuard
Posted 23-Apr-2020 16:37



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.