Keeping The Kids Safe Part 2: MITM Lessons Learned

We lasted about a day with the new content filtering that I put in place before we switched the kids back to the old open WiFi network. We encountered two problems: missing whitelist entries, and well-built apps that depended on their certificates not being messed with by a MITM attack.

Amazon Video, for one, will not communicate with its servers if you tamper with its certificates. Given that the sort of inspection I am doing is a Man-In-The-Middle (MITM) Attack, they have a point. I thought I had prevented this problem, but as it happens, I did not understand two things: SSL inspection, and how Squid decides to mess with certificates.


16 IPv6 subnets with pfSense and Comcast

One part of my project is to set up IPv6 on certain of my VLANs. IPv6 has long been a bit of a mystery to me. While IPv4 is complicated, the addresses can be held in memory, so we’ve all gotten used to memorizing 4 octets. Further, it allows a fairly simple topology in that the subnets are ‘human-sized’. IPv6 is totally different. It has huge numbers and unreadable addresses. I want each of my VLANs to use IPv6 subnets as appropriate, so here is how I did it. It’s not too complex.


Keeping the Kids Safe from the Internet with Filtering

This part of the project is easily the most complicated I did, and also took me the most time. There is a quote from a book that I read that ‘information wants to be free’ (a little googling tells me it’s been around for a long time, but I read it in a book by Charles Stross), and this certainly proves it. Trying to make it so kids can’t get to the bad parts of the internet is a good example of this, since you need to do a ton of things to make the filtering work. Here is what I did:

The Goal

The goal is to have a transparent proxy for HTTP and HTTPS that keeps my kids away from bad content and redirects them to a friendly error page to tell them that. I wanted to have content screening and filtering, with whitelists to add in what I want them to have access to.

This design is complicated, and it took me a while to become familiar with all the technologies involved. Plus there are some things that I just could not have with my technology.
