Small office Server & firewall help

Ok, back again, installed pihole and configured it, it seems my Asus router is dead, and the basic Dlink 816 R router is not accepting the Pihole ip as DNS Server, so looking to buy a new router, since I have two ISP's as a fall back option, I am thinking of buying a router that supports dual WAN, need your help, thinking about Cisco Business Rv320 or can you suggest something that supports dual wan and also Pihole.
 
Srinivas_june23 said:
Ok, back again, installed pihole and configured it, it seems my Asus router is dead, and the basic Dlink 816 R router is not accepting the Pihole ip as DNS Server, so looking to buy a new router, since I have two ISP's as a fall back option, I am thinking of buying a router that supports dual WAN, need your help, thinking about Cisco Business Rv320 or can you suggest something that supports dual wan and also Pihole.
Click to expand...
Why not get r7000 or something newer with customer firmware support, perhaps on a good deal. Reviews of that cisco router on amazon.com show r7000 is better than it.
 
Wouldn't most of these solutions not work on https? I am on the same boat as OP. I have tried pfsense in the past and I think it would work well (haven't got time to set it up completely yet)
 
Pat said:
Wouldn't most of these solutions not work on https? I am on the same boat as OP. I have tried pfsense in the past and I think it would work well (haven't got time to set it up completely yet)
Click to expand...
DNS based blocking will work fine. Even parental controls would work. Router based bandwidh limits for client PC will also work.
 
Party Monger said:
DNS based blocking will work fine. Even parental controls would work. Router based bandwidh limits for client PC will also work.
Click to expand...

But if the user were to use IP then instead of domain name, then the sites would still be accessible, won't they? I am not an expert by any means but as far as I know, the only reliable way to intercept and block HTTPS traffic is through MITM

Details:
https://turbofuture.com/internet/Intercepting-HTTPS-Traffic-Using-the-Squid-Proxy-in-pfSense
 
Pat said:
But if the user were to use IP then instead of domain name, then the sites would still be accessible, won't they? I am not an expert by any means but as far as I know, the only reliable way to intercept and block HTTPS traffic is through MITM

Details:
https://turbofuture.com/internet/Intercepting-HTTPS-Traffic-Using-the-Squid-Proxy-in-pfSense
Click to expand...
Well a dns server can only work on dns requests for domain names.
The firewall on your router should be able to block IPs. Null route all the traffic to those IPs. Pretty easy to do that on most custom firmwares -
http://www.linksysinfo.org/index.php?threads/how-to-block-an-ip-address.33729/


But then, If I had people smart enough to do that on the network, I'd rather not do any of these in the first place. Its pointless to restrict someone tech savvy. Its a cat and mouse game. Will result in waste of time and they will resent you. Plus everyone has a phone so, you're not really stopping them.
 
Back
Top