[ale] Complex QoS rules on network reorg.

DJ-Pfulio DJPfulio at jdpfu.com
Sun May 22 20:02:54 EDT 2016


On 05/22/16 19:01, dev null zero two wrote:
> pfsense yo

+1. There is also OpenSense for consideration. Not sure about the diff.


I'll never go back to any consumer router HW or distros. ddwrt / openwrt
/ tomato seem like toys in comparison.

BSD QoS really works. Used it for video/BT and by subnet.

I'd split the different areas into different subnets, not just different
ranges on the same LAN. If you don't use an enterprise-grade
router-distro, you can deploy 2 or 3 cheap home routers to do the same
thing - would be smart to put the kids and game system on their own
network, away from important stuff.  Each internal network would be on
their own subnet.  You lose good, working, QoS for this method, I'm
sorry to say, based on my experience.  Perhaps things are better with
Linux QoS these days? I dunno.

For controlling kids, use an invisible proxy and don't give their devices
a default route - only the proxy server should have a route to the
internet.  That way they can't just bypass the proxy and go.  Make the
router block all IPs except that of the proxy and specific systems you
want un-proxied access for - like your laptop.

An easy way to prevent access to the internet is to use USB wifi dongles
(those are the ones in the approved DHCP reservation list) and simply
take those away from the kids when you want to block network access. I'd
block the MACs for the built-in wifi, prevent them from getting on the
home network.
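
The router-side rule described above (block every LAN address except the proxy and hand-picked systems), as an added example that is not part of the original post: a pf.conf fragment in FreeBSD pf syntax. Interface names and all addresses are constructed assumptions, and only the forwarding policy is shown.

```pf
# Added example, not from the original post.
# Interface names and addresses below are constructed placeholders.
ext_if  = "em0"                 # WAN-facing interface (assumed name)
int_if  = "em1"                 # LAN-facing interface (assumed name)
lan_net = "192.168.10.0/24"     # constructed LAN subnet
proxy   = "192.168.10.5"        # constructed address of the proxy server
laptop  = "192.168.10.20"       # constructed address of an un-proxied system

# The only hosts allowed to talk to the internet directly.
table <direct> const { $proxy, $laptop }

# Translation: only the allowed hosts are ever NATed to the WAN address.
nat on $ext_if inet from <direct> to any -> ($ext_if)

# Filtering: pf uses the last matching rule, so the block is the baseline
# for traffic leaving the LAN and the pass carves out the exceptions.
block in log on $int_if inet from $lan_net to ! $lan_net
pass  in     on $int_if inet from <direct> to ! $lan_net keep state
```

The `log` keyword on the block rule means bypass attempts from other devices show up on the pflog interface, which is a convenient place to check that the policy is doing what was intended.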

