Hello, I'm looking to buy a router to config firewall for parental controls. I have a Spectrum modem (rented for free) and Eero wifi router so I plan to use the router as
I wouldn't recommend setting up your network as you have described, unless the Eero can be placed in AP only mode (i.e. not routing). Two reasons for this:
all of your clients will be behind double NAT. This isn't a huge issue most of the time, but can cause some issues with certain services/protocols.
All of your devices will appear as a single device from the perspective of the OpenWrt router. This is the result of NAT masquerading which will happen on the Eero router (unless this can be disabled). The result is that you won't be able to distinguish any of the devices that are allowed to access certain content vs those that are not allowed.
Instead of your approach, I would consider using a PiHole type DNS based solution instead. Or remove the Eero router from the equation.
Psherman has a very good point, regarding the single IP issue.
But it also depends on your use case, I'm using a setup where all DNS requests are coming from a single IP - my pihole's cloud hosted.
It works, but access to certain sites is blocked for all, not only devices used by the kids.
AFAIK pihole doesn't have any scheduling, so you can't switch access/rules on and off automatically.
Disney Circle might be a better product for you, since it's put inside your network.
You simply have to intercept those calls in the firewall, and redirect to the pihole, no biggie.
I do it with all calls to 8.8.8.8 (hard-coded DNS in some googles devices), not because it makes any difference, but the I can stop the kids from telling Google home to play stuff on the chromecast, from YouTube or some other streaming source.
If I understand correctly, you are recommending firewall AND pi-hole - actually that makes sense. Do you use OpenWrt for the firewall? How's your setup?
If you're considering the pi, I'd install a Linux dist on it, so a pihole can be installed, then you wouldn't have to have two devices, but one.
The RPi would host the pihole, and be the router.
Problem would be the steep(er) learning curve of Linux, unless you're already familiar with it.
No, I don't use openwrt as a FW, but that's because of other reasons.
I was missing something basic completely - I have several raspberry pis, and I am familar with Linux and pi-hole, but I didn't imagine I can set up OpenWRT on top of RPi. Sorry and thanks for pointing it out!
Where can read docs on hosting firewall on RPi so it can intercept DNS traffic?