Saturday, June 30, 2012

Setting Netgear router to use OpenDNS as family web site filter

I've used OpenDNS a number of times in the past to restrict the sites that my kids can easily (or accidentally) visit from their computers. OpenDNS is a free Domain Name Service that you can use for your computers. It has filtering capabilities which prevent name resolution for sites that you want to have blocked. For example, if you don't want your computer to be able to surf to adult content sites, there's a check box. Then, when your browser requests the 'naughtyvideos.com' web address, OpenDNS returns the IP address of a harmless web site that shows a "this site is blocked" page.

While OpenDNS is not completely foolproof from a security perspective, it definitely makes it more difficult to purposefully or accidentally visit sites that you don't think people should be visiting.

Setting up OpenDNS involves creating an account on their system (http://www.opendns.com) then setting your computer to use their DNS server instead of whichever one was provided by your internet service provider. I went a step further and actually programmed my wireless router to use OpenDNS so that it automatically handed out that server when it issued DHCP addresses.

First, you need an OpenDNS account. It's fairly simple to set up. During the process, you need to visit the "Dashboard" area and use the "Settings" tab to choose which kinds of sites you want to block for a particular network. I chose "Moderate" filtering, which blocks most pornography/adult sites as well as illegal activity, adware sites, etc.

Next, you need to configure at least one computer in your network to run the "OpenDNS Updater" agent. This installs on your PC and sends periodic updates to OpenDNS so it knows what your public (real) IP address is. OpenDNS uses your IP address to determine what filtering settings match your account. Since most home systems use dynamic IP addresses from their ISP, the updater makes sure OpenDNS knows who you are even if your address changes.

Finally, I set my router to use OpenDNS so that all the random wireless devices on my network would be properly filtered. In my case, I have a Netgear wireless router that I use inside my house.

  1. Log into router as 'admin'
  2. Go to "Basic Settings"
  3. Set "Get Dynamically from ISP" for Internet IP Address unless you have a specific reason NOT to do so.
  4. For Domain Name Servers (DNS) address, set to "Use these servers" and enter the numbers that OpenDNS publishes on their site
    1. Primary: 208.67.222.222
    2. Secondary: 208.67.220.220
  5. Hit apply and allow your router to reboot.
Now, any device that connects to the wireless (or wired) network will automatically use OpenDNS for name resolution.

In my case, I have two routers on my network: an "outer" one that connects directly to my ISP and an "inner" network which I placed in a central location in the house so wireless works better. I configured the inner router to use OpenDNS and my outer one uses standard DNS. This allows me uncensored access to all sites from some of my computers. It also means that I needed to go around to some of my PCs in the house that were hard-wired to the outer network and specifically set them to use OpenDNS in the TCP/IP settings. OpenDNS provides some good instructions on their site for doing that.
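
A small check for the setup above, added here as an example and not part of the original post: it classifies a machine's configured DNS servers against the two OpenDNS addresses from the router steps, which is useful for finding hard-wired PCs that still bypass the filter. The resolv.conf-style input, the function names and the sample addresses are assumptions; on Windows, read the DNS servers from `ipconfig /all` instead.

```python
import ipaddress

# The two resolver addresses from the router steps above.
OPENDNS = {ipaddress.ip_address("208.67.222.222"),
           ipaddress.ip_address("208.67.220.220")}

def parse_resolv_conf(text):
    """Return the nameserver addresses in resolv.conf-style text, in order."""
    servers = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) >= 2 and fields[0] == "nameserver":
            try:
                servers.append(ipaddress.ip_address(fields[1]))
            except ValueError:
                continue  # ignore malformed addresses
    return servers

def classify(servers):
    """Say whether lookups through these resolvers will be filtered."""
    if not servers:
        return "no-resolver"
    kinds = set()
    for addr in servers:
        if addr in OPENDNS:
            kinds.add("opendns")
        elif addr.is_private or addr.is_loopback:
            kinds.add("local")   # router or local proxy: depends on its upstream
        else:
            kinds.add("other")   # public resolver that skips the filter
    if "other" in kinds:
        return "unfiltered"      # any non-OpenDNS fallback defeats the filter
    if "local" in kinds:
        return "check-upstream"  # verify the router's own DNS setting
    return "filtered"

# Constructed samples (not captured from a real machine).
SAMPLES = {
    "inner network PC": "nameserver 208.67.222.222\nnameserver 208.67.220.220\n",
    "router as DNS proxy": "# set by DHCP\nnameserver 192.168.1.1\n",
    "stray fallback": "nameserver 208.67.222.222\nnameserver 8.8.8.8\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(f"{name}: {classify(parse_resolv_conf(text))}")
```

A "check-upstream" result means the client only sees the router's address, so the answer depends on the DNS servers entered in the router's "Basic Settings".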

That's it. A slightly-more-secure network that might do a slightly better job protecting my children from nefarious content out there.

Wednesday, June 27, 2012

Running eSATA drive with single cable from laptop

My Dell Latitude E6520 has a combo eSATA/USB port. They make SATA drives with external enclosures that should be able to hook up to this kind of thing. USB, by spec, carries power. It seems reasonable that I should be able to get a cable and an enclosure that grab that power and push it to the drive while carrying data at the same time. Easier said than done.

Tried this combo:
  • Dell Latitude E6520
  • StarTech "infoSafe" silver power eSATA to SATA external hard drive enclosure (S2510PESAT) - $25
  • Aleratec Power over eSATA cable (X0003ZRM9F) - $12
Initial connection shows no power when using just the eSATA cable and enclosure. However, if I connect the funky USB pig tail, then the power comes on and it works. After investigating with StarTech and Aleratec, I came to the conclusion that the cable wasn't correct. Aleratec sent me a replacement cable and magically everything started working. The new (correct) cable had cable ends that were molded with the words "SATA + USB" on them, indicating that it knew it was using USB power. The original (incorrect) cable did not.

Original investigation certainly confirmed that all my concerns with the cable were true. This post (http://forum.notebookreview.com/dell-latitude-vostro-precision/390744-power-over-esata-latitude-e.html) talks about Dell E6500 not directly supporting it, although it supposedly has the "modes" for it. It leads to various places that don't really tell me if things are supposed to work. It also has a link to another thread with some more analysis: http://forum.notebookreview.com/hardware-components-aftermarket-upgrades/349325-esata-external-hard-drive-enclosure-supports-power-combo-usb-port.html 

When I talked to StarTech, they indicated that it should always work if the right cable is in place. The laptop does NOT do anything crazy like disabling the USB power when the eSATA is connected. Their claim is that their ESATAUSB3 cable should work properly ($25 cable). Thankfully my $12 cable from Aleratec worked AFTER they sent me the correct one. Demerits to them for sending me the wrong one the first time.

As another possible solution, there are reports that this $13 drive enclosure from geeks.com works for both AND includes a cable: http://www.geeks.com/details.asp?invtid=HE-2521B&AID=10439518&CJPID=3640576&cm_mmc=CJ-_-2617611-_-3640576-_-Geeks.com_Gifts. The pictures don't necessarily indicate that it has a single eSATA/power cable, so it's tough to tell. 

After hooking things up I determined that the eSATA connection is about 2x as fast as the USB connection with nothing different except the cable hookup. I can copy a 3GB file from laptop to external drive in about 60 seconds. The same file over USB takes 120 seconds. Read caching during the USB copying process actually causes it to peak at 100 MB/s, then slowly ramp down to about 40 MB/s during the first 60 sec of the transfer, but then it freezes at 100% status for another 60 seconds while it finishes writing things. With the eSATA copy, it was a more constant 40-50 MB/s and gave an accurate representation of 100% completion, then finished immediately.

Teaching Firefox to use a CAC

Some of the sites I use require a CAC smart card to establish SSL access. (Forge.mil is an example of this.) Chrome and IE (shudder) are both smart enough to use a smart card for certificates out of the box on Windows. Unfortunately, Firefox doesn't seem to be set up to do it without some adjustment. These are the steps I used to enable smart cards (CAC) in Firefox.

First, you need some kind of client library that provides what Firefox needs. Two options for this are ActivClient (standard use by DoD and other government agencies) and OpenSC. I chose OpenSC just because it seems to be fairly lightweight and easy to install.

Download and install OpenSC from its web site. (http://www.opensc-project.org/opensc/wiki) Installation was fairly brain dead and easy. Unfortunately, it did NOT actually enable Firefox with the smart cards, so I had to use some older, more drastic methods.

I used an older set of instructions as a reference that popped up in Google: http://www.opensc-project.org/opensc/wiki/MozillaSteps. To do this, basically do the following:

  1. Firefox: Tools > Options: Advanced tab
  2. Manage Security Devices
  3. "Load" a new security device
    1. Name as "OpenSC PKCS#11 Module"
    2. Browse to C:\Windows\System32\, choose opensc-pkcs11.dll
  4. Click Ok, Ok, ..., Ok to finish everything
Now, when you access a CAC-required web site, it should pop up a box and ask you to select a smart card certificate. The interface isn't as pretty as either IE or Chrome, but it seems to work.

Update: I've noticed that accessing other SSL sites seems to be slightly broken now, so I'm not sure if this is a problem with OpenSC, or whether something else is going on.