1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Tomato 1.28 Access Restrictions remote confirm?

Discussion in 'Tomato Firmware' started by Heather22, May 29, 2013.

  1. Heather22

    Heather22 Addicted to LI Member

    I was wondering if there is a way I could check to see if an access restriction was working remotely. (From within my home, same network, different device).
    The device I am trying to block is an iPod / iPad.
    I have a restriction set up to block all Internet access between the hours of 9pm to 7am Sunday through Thursday.
    I know the rule is set up properly because it seems to be working, however I'd like to make sure there is no proxy being used, and just to make sure that there are no sites being accessed during this time.

    Thank you !
  2. Malitiacurt

    Malitiacurt Networkin' Nut Member

    Add one of your own devices' MAC to the access restriction and test it.
  3. Heather22

    Heather22 Addicted to LI Member

    Thank you for the reply Malitiacurt.
    I set up the rule using this method. When I saw it was working, I swapped out my MAC with the MAC address of the ipod that needed to be regulated.
    But my question is, can her device be monitored / tested for activity while the access restriction is on?
    If I added my device to the restriction, I could test my computer by using it but, I couldn't remotely test if she has internet access by way of proxy or other method if any.

    I was using a different firmware for years. It had the features I grew accustomed to. However, it is not as stable as tomato and not and the GUI is not as fast/responsive. I'm really surprised a web monitor has not been implemented which shows a list of keywords searched and sites being visited in real time.
  4. Toastman

    Toastman Super Moderator Staff Member Member

    Are you using a recent version? We've had this for quite a long time.
  5. Heather22

    Heather22 Addicted to LI Member

    Omg! Toastman! I am a new big fan of yours! :)
    I was running the stock version of tomato for 2 days until yesterday when I discovered your work.
    I do see that you implemented the visited sites list and keyword search as well as other improvements in tomato.
    I have a linksys WRT54G-tm and I loaded tomato-ND-1.28.5x-109-VPN.trx
    I'm having difficulty preventing ultrasurf proxy from bypassing the rules without shutting down all Internet access to a specific machine(s).
    Thank you kindly :)
  6. Malitiacurt

    Malitiacurt Networkin' Nut Member

    Unless a proxy server/vpn server/ssh server (anything to tunnel traffic through) is running on your local network (aka one of your computers has one running), a local device cannot access a internet proxy when you 'block all internet access'. That's not how a proxy works; the device still has to go through your router's gateway to access the WAN/internet.

    Of course there are ways to circumvent this but seems highly unlikely with an ipod/ipad.
  7. Heather22

    Heather22 Addicted to LI Member

    Thank you Malitiacurt, true ultrasurf can not access ty Internet when "block all Internet access" is enabled for a specific device.
    I tried it with a computer here and it couldn't connect to server. That's great!
    Is there a way to block ultrasurf (or any other proxy) with Toastmans build if I have website restrictions or DNsmasq enabled?
    Thank you. That is my final question!
  8. Malitiacurt

    Malitiacurt Networkin' Nut Member

    Not really, it will 'temporarily' work as in a user will be blocked from those specific proxies you block but they can easily find other ways to bypass it. Eg. You could block by website url but there's easily ways around that. You could try blocking by IP but that just means finding another proxy IP. You could try blocking by ports but that'll usually inhibit normal internet usage cause some proxies will use ports on commonly-used ports like 80, 443, etc.

    It's the same issue with the whole countries (China, Iran, etc.) trying to censor the internet. Users can still proxy/vpn/ssh tunnel their traffic outside to uncensored internet.

Share This Page