If you have kids at home, you might have felt the need to block certain unwanted websites.
Another common problem area is social media websites – you might feel that children (and adults) waste too much time on Facebook, Twitter etc. and want to block them, or at least make them accessible only at certain times of the day.
To make this possible, we need a router plus content filter – an appliance through which all our devices such as laptops, smartphones, and tablets connect to the internet.
This appliance also intercepts the websites that these devices access, and blocks them if they try to access a blacklisted website.
There are commercial, ready-to-use content filters available in the market, but for us DIY types, there is no fun in that.
Thus, we will get our hands dirty, and set up a Raspberry Pi for the job.
We chose the Raspberry Pi for this project because of its tiny size and negligible power consumption.
However, these instructions will work almost unmodified with almost any computer running Debian Linux or a derivative (Ubuntu, Mint etc.).
Disclaimer: This guide assumes an intermediate level of experience with Linux, and a willingness to troubleshoot problems if and when they arise.
Prior experience with command lines and firewalls is a bonus.
## How It Works
Hardware
We will be using the Raspberry Pi 3 as a router cum content filter.
For this, we will need two network interfaces on it – one to connect to the internet, and the other to act as a WiFi hotspot for our other devices to connect to.
The Raspberry Pi 3 has a built-in Ethernet jack and WiFi module.
So in this scenario, we can use an Ethernet cable (eth0) to connect to the internet, while the WiFi module (wlan0) will act as a hotspot.
Of course, connecting to the internet using Ethernet isn't always possible.
In this case, you will need a compatible USB WiFi dongle (wlan1) to connect to the internet, while the built-in WiFi module (wlan0) will act as a hotspot.
This is the configuration that we will use in this guide.
Do keep in mind that while a Raspberry Pi 3 is mostly adequate for a home setup with a few laptops and smartphones, it will not provide the performance needed for a big office setup.
Look into more capable hardware if a lot of clients will be connecting to your content filter.
## Software
We will use the excellent e2guardian to intercept and filter our web requests.
Since content filtering can have a performance impact (depending on the size of the blocklist), we will use Squid cache to offset this performance hit.
Prerequisites
1. Raspberry Pi 3 with the latest version of Raspbian OS installed, and access to the internet.
If you are only getting started with the Raspberry Pi, we recommend reading our guide on how to get started with Raspberry Pi 3.
2. [Optional] USB WiFi Dongle – This is needed if, and only if, you cannot connect your Raspberry Pi 3 to the internet with an Ethernet cable.
If you are planning to use WiFi for both connecting to the internet and as a hotspot, this is required.
3. Physical Access to the Raspberry Pi – Due to the nature of this article, a single mistake in the firewall configuration can lock you out of your Pi if you use it in headless mode.
Therefore, it is recommended that you connect a monitor, keyboard and mouse while configuring it until everything is set up.
Use Raspberry Pi as Router
1. Connect your Pi to the internet using Ethernet (eth0).
If you are using a USB WiFi dongle (probably wlan1) instead, connect that to the internet.
Leave the built-in WiFi module (wlan0) as it is for now.
2. Get the prerequisite software that we need:
3. We will set up hostapd so that our Pi can act as a WiFi hotspot.
For this, create a config file using your favourite text editor, for example sudo nano /etc/hostapd/hostapd.conf, and paste the contents from our GitHub page.
Some lines that you might want to modify according to taste are:
This line dictates what the name of the access point will be.
I chose RaspberryPiAP.
This specifies the passphrase used to access the hotspot.
I used beebom.com, but it is recommended to change it to a strong passphrase of your choice.
4. Next, we will set up a DHCP server using dnsmasq.
Edit the config file /etc/dnsmasq.conf, and add the following lines at the end:
[sourcecode]interface=lo,wlan0
no-dhcp-interface=lo
dhcp-range=192.168.8.20,192.168.8.254,255.255.255.0,12h[/sourcecode]
This makes the interface on wlan0 (the built-in WiFi module) hand out IP addresses to clients in the 192.168.8.20 to 192.168.8.254 range.
5. Set up a static IP address for the built-in WiFi module wlan0.
Open the file /etc/network/interfaces.
It probably looks something like this (emphasis mine):
[sourcecode]source-directory /etc/network/interfaces.d

auto lo
iface lo inet loopback

iface eth0 inet manual

allow-hotplug wlan0
iface wlan0 inet manual
wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf

allow-hotplug wlan1
iface wlan1 inet manual
wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf[/sourcecode]
Here, locate the lines in bold dealing with wlan0, and change them, so that the file looks like the following:
[sourcecode]# wlan0: static address for the hotspot, driven by hostapd
allow-hotplug wlan0
iface wlan0 inet static
hostapd /etc/hostapd/hostapd.conf
address 192.168.8.1
netmask 255.255.255.0

# wlan1: unchanged, still connects to the internet via wpa_supplicant
allow-hotplug wlan1
iface wlan1 inet manual
wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf[/sourcecode]
This sets up a static IP address 192.168.8.1 on wlan0.
Remember this address, as this is the address we will use to communicate with our Raspberry Pi later on.
6. Now set up IP forwarding.
Edit the file /etc/sysctl.conf, and add the following line to it:
7. Now we will configure network address translation (NAT) in our firewall.
To do this, enter the following 2 commands:
The first command sets up NAT, while the second command saves our current firewall configuration to a file called /etc/iptables/rules.v4.
This makes sure that the configuration persists across reboots.
8. At this point, reboot your Raspberry Pi.
This is to make sure that all the changes we made in the configuration files are functional.
9. After rebooting, you should be able to see the newly created RaspberryPiAP hotspot (unless you changed the name in step 3) on your other devices such as laptops and smartphones.
You can connect to it using the password you specified, and access the internet.
This is all you need to do if you want a basic, low-powered router.
If you want to set up a content filter as well, read on.
Set up Content Filter using e2guardian
e2guardian is not present in the default Raspbian repositories.
To install it, go to the project's GitHub page, and download the file ending in armhf.deb.
Now open Terminal, go to your Downloads folder (or wherever you chose to download the file), and install it:
You will probably see a few errors about missing packages when you install e2guardian.
To fix this, let the installation finish, and enter the following command:
Using Content Lists
As an example, let's suppose you wish to block some popular social networks.
Open the /etc/e2guardian/lists/bannedsitelist file, and under the Blanket SSL/CONNECT block (since these websites use https instead of plain http), add the following lines:
Now reload the e2guardian service using the command sudo service e2guardian reload (you will have to run this command every time you modify the configuration files).
Any clients using the content filter will now be unable to access these websites.
Even the mobile sites (e.g. m.twitter.com) and dedicated smartphone apps will not work.
e2guardian also blocks porn by default.
If you wish to allow it (hey, we aren't judging), open the /etc/e2guardian/lists/bannedphraselist file, and locate the following line:
Comment it out by adding a hash (# symbol) to the front, so that it looks like this:
Again, reload the configuration with sudo service e2guardian reload, and you're done.
Configuring Clients
Now that our proxy server is set up, we can move on to configuring the clients.
To use the content filter, all clients need to be connected to the Raspberry Pi's hotspot, and configured to use the proxy.
Configuring a proxy is different across all operating systems and devices.
However, we will demonstrate how to set it up on Windows and Android, since these are more popular.
## Windows
Go to Control Panel > Network and Internet > Internet Options.
In the window that opens up, navigate to the Connections tab, and click on LAN settings.
Here, click on Advanced, and enter 192.168.8.1 as the proxy address, and 8080 as the port.
Make sure that the Use the same proxy server for all protocols box is checked.
That is all you need to do.
Most popular web browsers such as Google Chrome and Firefox will automatically pick up the system proxy settings.
Android
Go to System Settings > WiFi.
Now tap and hold the Raspberry Pi hotspot, and select Modify network.
Under Advanced options, set the Proxy option to Manual.
Now, under Proxy hostname, enter the IP address of the Pi, 192.168.8.1.
Under Proxy port, enter 8080, and tap on Save.
You can now test the configuration of the proxy.
Try going to a website in your blacklist – you will see an "Access denied" page like this:
Enforce Proxy Usage
So far, we are relying on clients playing nice and using the internet through the content filter.
Of course, this rarely happens in the real world.
So to force all clients to go through the proxy, run the following commands:
This will automatically redirect all http (port 80) and https (port 443) traffic on the Raspberry Pi's hotspot to the content filter proxy.
Now, without configuring proxy settings on your devices, they will not be able to access secure https websites such as Facebook, Gmail, Twitter etc.
This makes sure that anyone who wishes to connect to your Pi hotspot has to go through the proxy.
This is all you need to know for basic usage of the content filter.
If you wish to learn some advanced features, read on.
Advanced Usage Scenarios
Setting Up a Time-based Filter
Let's say you want to block the websites we mentioned in the Using Content Lists section above, but only at certain times of the day.
I personally prefer to block Reddit, Facebook and Twitter during work hours (9 am – 5 pm) on weekdays because they are a productivity nightmare.
Open the /etc/e2guardian/lists/bannedsitelist file, and add the following line to it:
This line works as follows – the timer starts at 9 (9 am) 0 (00 minutes), till 17 (5 pm in 24-hour format) 0 (00 minutes), from 0 (Monday) to 4 (Friday).
Let's take another example:
This will block the configured sites from 10:30 am (10 30) till 8:45 pm (20 45) on Monday (0), Wednesday (2), and Friday (4).
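The timer fields described above can be checked before reloading e2guardian. The following is an added example, not code from the original article or from the e2guardian project: it parses a time line of the form `#time: 9 0 17 0 01234` and reports whether the block would be active at a given moment. The `#time:` prefix and the end-exclusive boundary are assumptions, since the article's own line is not shown above.

```python
from datetime import datetime

PREFIX = "#time:"  # assumed spelling of the directive in the list file


def parse_time_directive(line):
    """Return (start_minute, end_minute, days) for '#time: SH SM EH EM DAYS'.

    Days use the numbering described in the article: 0 = Monday ... 6 = Sunday.
    """
    line = line.strip()
    if not line.startswith(PREFIX):
        raise ValueError("not a time directive: %r" % line)
    fields = line[len(PREFIX):].split()
    if len(fields) != 5:
        raise ValueError("expected four numbers and a day string")
    try:
        sh, sm, eh, em = (int(f) for f in fields[:4])
    except ValueError:
        raise ValueError("hours and minutes must be integers")
    if not (0 <= sh <= 23 and 0 <= eh <= 23):
        raise ValueError("hours must be 0-23")
    if not (0 <= sm <= 59 and 0 <= em <= 59):
        raise ValueError("minutes must be 0-59")
    days = fields[4]
    if any(d not in "0123456" for d in days):
        raise ValueError("days must be digits 0-6")
    start, end = sh * 60 + sm, eh * 60 + em
    if start >= end:
        # A window that wraps past midnight is rejected rather than guessed at.
        raise ValueError("window must end after it starts")
    return start, end, {int(d) for d in days}


def filter_active(line, when):
    """True if the list guarded by `line` would be blocking at datetime `when`."""
    start, end, days = parse_time_directive(line)
    minute_of_day = when.hour * 60 + when.minute
    # Python's weekday() also counts Monday as 0, matching the article.
    return when.weekday() in days and start <= minute_of_day < end


# The two schedules the article walks through.
WORK_HOURS = "#time: 9 0 17 0 01234"
MON_WED_FRI = "#time: 10 30 20 45 024"

if __name__ == "__main__":
    now = datetime.now()
    for directive in (WORK_HOURS, MON_WED_FRI):
        print(directive, "->", "blocking" if filter_active(directive, now) else "open")
```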
## Letting Certain IP Addresses Bypass the Proxy
It is possible to let certain IP addresses bypass the content filter.
This can be set up by configuring the firewall.
You might have noticed that in our dnsmasq.conf, we only set the hotspot to assign IP addresses from 192.168.8.20 to 192.168.8.254 to clients.
That means addresses from 192.168.8.2 to 192.168.8.19 will not be automatically assigned to any client (we cannot use 192.168.8.1 because that is what our Raspberry Pi itself uses).
To do this, first set up a static IP on the device to which you want to give full access.
For example, to set up a static IP of 192.168.8.2 on a Windows machine, use these settings:
Now, on your Raspberry Pi, run the following commands.
Now, disable the use of proxy on your device, and try to open a banned website.
You should be able to open it.
If there are more IP addresses that you want to add to the whitelist, run the above two commands again, but replace the IP address with the one you want.
Once you are satisfied with the whitelist, run the following command to save your firewall config:
One important thing to keep in mind is that you should not let anyone know the whitelisted IP addresses.
Otherwise, they can simply set their device to that IP address to bypass the proxy.
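Because a device that sets itself to a whitelisted address bypasses the proxy, it helps to audit who is using addresses outside the DHCP pool. The following is an added example, not part of the original article: it reads `ip neigh` style output (the sample lines, MAC addresses and the `APPROVED` table are constructed) and flags static addresses that are not on the whitelist or are used by an unexpected MAC.

```python
import ipaddress

# Values taken from the article's dnsmasq.conf and interfaces file.
SUBNET = ipaddress.ip_network("192.168.8.0/24")
GATEWAY = ipaddress.ip_address("192.168.8.1")
POOL_START = ipaddress.ip_address("192.168.8.20")
POOL_END = ipaddress.ip_address("192.168.8.254")

# Hypothetical whitelist: static IP -> MAC of the device it was given to.
APPROVED = {"192.168.8.2": "aa:bb:cc:00:00:02"}

# Constructed sample of `ip neigh` output on the Pi.
SAMPLE_NEIGH = """\
192.168.8.2 dev wlan0 lladdr aa:bb:cc:00:00:02 REACHABLE
192.168.8.3 dev wlan0 lladdr aa:bb:cc:00:00:99 STALE
192.168.8.57 dev wlan0 lladdr aa:bb:cc:00:00:57 REACHABLE
192.168.8.60 dev wlan0  FAILED
10.0.0.1 dev wlan1 lladdr aa:bb:cc:00:00:fe REACHABLE
"""


def parse_neigh(text):
    """Yield (ip, mac) for every neighbour entry that has a link-layer address."""
    for line in text.splitlines():
        tokens = line.split()
        if "lladdr" not in tokens:
            continue  # FAILED/INCOMPLETE entries carry no MAC
        idx = tokens.index("lladdr")
        if idx + 1 >= len(tokens):
            continue
        try:
            ip = ipaddress.ip_address(tokens[0])
        except ValueError:
            continue
        yield ip, tokens[idx + 1].lower()


def audit(text, approved=APPROVED):
    """Return findings for hotspot clients using addresses outside the DHCP pool."""
    findings = []
    for ip, mac in parse_neigh(text):
        if ip.version != 4 or ip not in SUBNET or ip == GATEWAY:
            continue  # other networks and the Pi itself are out of scope
        if POOL_START <= ip <= POOL_END:
            continue  # address handed out by dnsmasq, goes through the filter
        expected = approved.get(str(ip))
        if expected is None:
            findings.append((str(ip), mac, "static address not on whitelist"))
        elif expected.lower() != mac:
            findings.append((str(ip), mac, "whitelisted address used by unexpected MAC"))
    return findings


if __name__ == "__main__":
    for ip, mac, reason in audit(SAMPLE_NEIGH):
        print(ip, mac, reason)
```

A matching MAC is not proof of identity, since MAC addresses can be changed as easily as IP addresses.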
Security Concerns
Since your Raspberry Pi will be the entry and exit point for all your communication, it is important to secure it.
Here are some tips on how to improve security.
Keep in mind that these are just basic pointers and not a comprehensive list of security pitfalls.
The amount of security will depend on the nature of your network (home, small office etc.) and how mischievous the users are.
Disable Unneeded Services
Since this is a router, it is best to only run the services that we need.
More services running means more vulnerabilities that can potentially be exploited.
Definitely do not use this system as a regular desktop.
Go to Menu > Preferences > Raspberry Pi Configuration.
In the Interfaces tab, disable all services that you do not need.
Change the Default Password
A fresh Raspbian installation comes with the default password 'raspberry' for the default user 'pi'.
It is recommended to change this to a more secure password.
To change it, open a terminal and run this command:
Remove the Monitor and Other Peripherals
Since all that will run on this Pi is the software required to use it as a router and web filter, we do not need a monitor or other peripherals such as a mouse and keyboard attached to it.
If you do need to change settings and such, you can always use SSH, or attach a monitor and keyboard as needed.
Turn Off Auto Login
Raspbian is set up to automatically log in with the 'pi' user credentials without prompting for a password.
This might be okay for a general purpose family desktop, but dangerous for a router.
To disable this, on the Raspbian desktop, go to Menu > Preferences > Raspberry Pi Configuration.
In the System tab, in front of the Auto login heading, uncheck the Login as user 'pi' checkbox.
In the same dialog box, it is also advisable to set the Boot setting to To CLI.
This will save resources since we do not need a GUI on a router.
If you do want to use the desktop for any reason, log in with your username, and run the startx command to turn on the graphical interface.
Troubleshooting Common Problems
Interfaces Keep Getting Renamed
This is very common if you are using two wireless interfaces on your Pi.
If you are using Ethernet to connect your Pi to the internet, you can safely ignore this section.
The problem is that both the wireless interfaces (wlan0 and wlan1) sometimes swap names after a reboot.
That is, the built-in WiFi module wlan0 gets renamed to wlan1, and vice versa.
This is of course a big problem since we rely on them having a consistent name for our config files.
Here is how to make it consistent across reboots:
1. Find out the MAC address of your interfaces.
Run the command ifconfig | grep HWaddr on your Raspberry Pi.
You will see an output like the following:
Note down the text to the right of the word 'HWaddr' in the wlan0 and wlan1 sections.
You can safely ignore the eth0 section.
These are the MAC addresses of your wireless interfaces.
If you are not sure which MAC address belongs to which interface, simply unplug the USB WiFi dongle, and run the command again.
The wlan interface that comes up now is your built-in WiFi interface, while the other one is USB.
2. Create a new file /etc/udev/rules.d/10-network.rules using your favourite text editor.
For example:
3. Enter the following text in this file.
Replace the xx:xx:xx:xx etc. with the appropriate MAC address:
[sourcecode]# Set up the built-in WiFi module as wlan0. Replace the xx:xx:xx etc. with the
# built-in module's MAC address
SUBSYSTEM=="net", ACTION=="add", ATTR{address}=="xx:xx:xx:xx:xx:xx", NAME="wlan0"

# Set up the USB WiFi dongle as wlan1. Replace the yy:yy:yy etc. with the
# USB dongle's MAC address
SUBSYSTEM=="net", ACTION=="add", ATTR{address}=="yy:yy:yy:yy:yy:yy", NAME="wlan1"[/sourcecode]
Make sure that the built-in WiFi interface's MAC address corresponds to wlan0, and the USB WiFi to wlan1, since that is the convention we are following in this guide.
4. Reboot your Raspberry Pi.
Your interfaces will start with the correct name now.
Resetting Firewall Configuration
Another common problem is a badly configured firewall.
Depending on your network configuration, it might take several tries before you get the firewall right.
If at any point you think that you might have messed up the firewall configuration, run the following commands to start from scratch:
This will delete all firewall configuration.
You can now begin configuring the firewall from scratch.
Once you are satisfied, run the command sudo iptables-save | sudo tee /etc/iptables/rules.v4 to make the configuration permanent.