Results 1 to 10 of 10
  1. #1
    Newbie
    Join Date
    Jan 2020
    Posts
    9

    Default How do I go in implementing this...

    Hi all,

    Not sure if this is the right place to ask for this but here goes nothing, I'm using the home version of Untangle and I'm trying to set 2 things :

    - A time limit of 1h/day for my kids on the internet after school which I'll increase as they get older (only 10 and 7 years old so no need for more yet).

    - A block of youtube based on the IP/mac addresses on a set of devices while allowing it on another set of devices in the house.

    Not sure how I need to implement this or even if Policy manager is the right place to do so, please note that I'm using Untangle in transparent bridge mode should that make any difference.

    Any help will be highly appreciated.

    Thanks

  2. #2
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    9,511

    Default

    Quote Originally Posted by aldiallo-Unt View Post
    Not sure if this is the right place to ask for this but here goes nothing, I'm using the home version of Untangle and I'm trying to set 2 things :
    Welcome to the forums.

    Quote Originally Posted by aldiallo-Unt View Post
    - A time limit of 1h/day for my kids on the internet after school which I'll increase as they get older (only 10 and 7 years old so no need for more yet).
    You can limit specific PCs to specific time of day access but not an amount of time. For example I can limit PC1 to access the Internet to 6pm to 7pm but not 1 hour between 5pm and 10pm.

    To do this create a policies with just firewall install with a block all rule. Create a policy rule which directs the PC's IP to this policy on all hours except the 1 hour you wish.

    I suggest watching our Tech Talk on the subject. https://www.youtube.com/watch?v=PhLxWSxiFA0

    Quote Originally Posted by aldiallo-Unt View Post
    - A block of youtube based on the IP/mac addresses on a set of devices while allowing it on another set of devices in the house.
    Same as above but use Webfilter in the policy.

    Quote Originally Posted by aldiallo-Unt View Post
    Not sure how I need to implement this or even if Policy manager is the right place to do so, please note that I'm using Untangle in transparent bridge mode should that make any difference.
    Either Router or transparent mode will work.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Newbie
    Join Date
    Jan 2020
    Posts
    9

    Default

    Thanks JCoffin, I'll try this out this weekend.

  4. #4
    Untangle Ninja
    Join Date
    May 2008
    Posts
    1,526

    Default

    Don't know if this is possible or not. Maybe you could estimate an acceptable amount of bandwidth for one hour. Then limit to that?

  5. #5
    Untangle Ninja jcoehoorn's Avatar
    Join Date
    Mar 2010
    Location
    York, NE
    Posts
    1,841

    Default

    Unfortunately, both requests are much more difficult than you'd like.

    For the total time... that's just not possible at the gateway, and any product that claims different is LYING TO YOU.

    To explain why, I could load up Facebook once in the morning at work, leave the page open in the background, but never look at it again until I leave for the day, and any monitoring solution would think I was online all day based on the traffic report, even though my use was effectively zero. Even if I don't load any web pages you'd be amazed at the amount of background traffic generated by a typical system these days. On the other hand, I could load a page that shows the text of a novel all in one page, spend all day reading it, and the traffic report would show I was online for less than five minutes.

    So I'll say it again: It's not possible to limit internet use to a certain amount of time per day in a meaningful way. For better or worse, that's just not how the internet works.

    Now for the YouTube block. This is a least possible. ... BUT ... it's much more difficult than it could be, because google uses a YouTube domain for part of the authentication system for Google Apps and Mail services. So if your kid's school uses Gmail (and many do), blocking YouTube also means blocking them out of their school mail and documents, unless you're very careful about it.
    Last edited by jcoehoorn; 04-15-2021 at 01:01 PM.
    Five time Microsoft ASP.Net MVP managing a Lenovo RD330 / E5-2420 / 16GB with Untangle 16.2 to protect 500Mbits for ~450 residential college students and associated staff and faculty

  6. #6
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,859

    Default

    Yeah, websites look like cohesive monolithic things, but they are actually hundreds of parts all potentially coming from different places. The gateway device see this as tens of TCP sessions all firing off at about the same time to a random collection of web servers out in the world some place.

    And all of that, if HTTPs... is encrypted us all you can see at the gateway is the SNI field, which is nothing more than the domain name for each request.

    So... which session has the page's content? no clue...
    How long did the user look at the content after it was collected and rendered? no clue...


    So you cannot control based on time limits. What you can do is schedule a specific hour of the day they can be active.

    What I've done to deal with the above... is to make two racks for my kids. One, is a general allow everything rack with a few more aggressive tweaks in Web Filter than I keep for myself. For example I block hate speech, nudity, stuff that's not terribly bad but not something I want my 6 year old reading or looking at.

    The 2nd rack is a child of that first rack, with all the same Web Filter configurations except this one also blocks audio and video streaming. This kills Youtube... and Facebook Video... and a horde of other stuff. Because I figured out ages ago that if my kids watched Youtube too long in a given day, their behavior was CRAP!

    So the blocking rack is where they live, unless it's between 1pm and 3pm. So they get two hours of time where they can watch Youtube. When they're at school, this time passes before they even get home. So they only got to use it on weekends / holidays... but always at that time.

    Now that period in the day is known as YouTube time! I've since had to basically turn all this off, because the schools use Youtube so much the blocks were preventing homework getting done. I couldn't find much of a way to deal with it... BUT I do still have that block in place and every so often... I have to toss a kid into it for a day or two.

    Now I have four kids, and they beat each other up to ensure no one abuses Youtube... because they know the kid that does will lose it, and then that kid will hover over the shoulder of another sibling to watch their instead... which is highly annoying to the child that didn't lose access!

    So they enforce the standards I want, all by themselves now... and I say, programming complete, onto the next phase!
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  7. #7
    Master Untangler
    Join Date
    Oct 2013
    Posts
    237

    Default

    Blocking YouTube in Application Control works best for me. It does not interfere with my kid's access to Google Classroom. In fact, it's setup in a way that the block is active only during class hours (8AM to 3PM).

    The only time it's a problem is when the teacher legitimately asks the students to watch a YouTube link. In which case, I temporarily disable the Policy that triggers the block.

  8. #8
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,859

    Default

    That's not a bad idea either!

    I didn't try that approach due to scale, I have four kids and this school year in particular... ugh... I was turning the filters on / off for assignments probably 8-9 times a day! That got old... so I just caved. But then the kids started self enforcing so I made some popcorn.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  9. #9
    Newbie
    Join Date
    Jan 2020
    Posts
    9

    Default

    Hi all,

    Just reporting back on this, didn't work as expected, that being said the wife want to completely block Youtube from the network except for the TV, which is on a different VLAN, so I figure out I could try blocking Youtube altogether just on the targeted vlan, now my question is, as I'm using Untangled in bridge mode, can I still do this? and also is this to be done at the Application Control level?

    Thanks

  10. #10
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,859

    Default

    Not easily... VLANs need to terminate on Untangle and getting them to do so correctly is vastly easier in router mode.

    In fact, this reality is such that I'm willing to bet somewhere in that insanity of the convoluted mess that is your network map is why your efforts didn't work as expected this time too. I don't think the Ethernet frames are flowing where you think they're flowing!
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2