Secretly tunneling past restrictions?

Got a question I’m hoping someone can help me with. My husband has had issues with sexual addiction so he had me set up screen time and whatnot. I have it set to 12+ and I have to approve any websites he needs to use. However he is an IT tech and I have a feeling he is somehow finding ways to tunnel past the restrictions. I run port checks and he just had port 853 open along with 62178 sync (which also shows up on my iPad, Apple TVs etc.) I am also wondering if he isn’t altering IPs and MAC. His IP is set to static .204 and that doesn’t change but it shows up with different names on occasion. When an unknown device connects I do a MAC lookup and it usually says nothing is registered to it as well as the IP search/Private. Almost every device shows up as “Generic” and says Host is Hidden on network scans. He has also set up shortcuts and automations to connect his Mac’s display to the iPad.




[Edited by Moderator]

iPhone 16 Pro Max

Posted on Dec 8, 2025 7:49 AM


Dec 8, 2025 10:09 AM in response to Jkay22


Jkay22 wrote:

Got a question I’m hoping someone can help me with. My husband has had issues with sexual addiction so he had me set up screen time and whatnot. I have it set to 12+ and I have to approve any websites he needs to use. However he is an IT tech and I have a feeling he is somehow finding ways to tunnel past the restrictions….


Usual approach for network access control here would be RADIUS authentication for network access (media access control-based authentication is trivially bypassed) and the user profiles then tie into firewall prohibitions and related rules, and probably with all outbound traffic blocked except that explicitly permitted. This all involves adding DNS / DoH / DoT blocks at both routing and user layers, and blocking Private Relay (configure translations for mask.icloud.com and mask-h2.icloud.com as NXDOMAIN) and blocking common VPN shenanigans (at the router, and at the application layer), and running your own DNS filtering and network monitoring.


Basically, you become network IT, and this also with “pro-sumer” or higher-grade networking gear and network services installed. (Network gear recommendations available upon request.)


Pragmatically, this whole effort usually degrades into manually-permitting specific sites and specific services, and blocking all other outbound connections; the IT version of Whac-A-Mole.


And — as parents tend to learn late, if at all — any sufficiently determined kid can bypass parental controls and firewalls, and on an allowance-scale budget.


As for an adult with an adult budget and access, yeah, I can bypass your puny blocking efforts. I can bypass any network I can lock down myself, too.


That might be some service that emails pictures for instance, or as simple as cellular-connected devices or access to neighbors’ Wi-Fi; as paths you don't know about, and cannot control. Things can and do get stinky, too.


This whole effort just isn’t something that can be externally imposed. Not technically.


Viewed positively, folks that are good at this sort of IT can be in demand in the jobs market, though.
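
One way to verify the Private Relay block mentioned in the reply above, as an added example that is not part of the original post: it asks a resolver about mask.icloud.com and mask-h2.icloud.com and reports whether the answer is NXDOMAIN. The function names and the constructed sample replies are assumptions made for illustration.

```python
import socket
import struct

# The two hostnames the reply says to answer with NXDOMAIN.
RELAY_HOSTS = ("mask.icloud.com", "mask-h2.icloud.com")

def build_query(name, qid=0x1234):
    """Encode a recursive DNS query for the A record of `name`."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify(query, response):
    """Classify a resolver reply: nxdomain, no-answer, resolves, error or invalid."""
    if len(response) < 12:
        return "invalid"
    rid, flags, _qd, ancount = struct.unpack("!HHHH", response[:8])
    if rid != struct.unpack("!H", query[:2])[0] or not flags & 0x8000:
        return "invalid"  # transaction id mismatch, or QR bit says this is not a response
    rcode = flags & 0x000F
    if rcode == 3:
        return "nxdomain"  # the block the reply describes
    if rcode != 0:
        return "error"  # SERVFAIL, REFUSED, ...
    return "resolves" if ancount else "no-answer"

def check_resolver(server, timeout=3.0):
    """Ask `server` (resolver IP, UDP port 53) about each relay hostname."""
    results = {}
    for host in RELAY_HOSTS:
        query = build_query(host)
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
            sock.settimeout(timeout)
            try:
                sock.sendto(query, (server, 53))
                results[host] = classify(query, sock.recvfrom(512)[0])
            except OSError:  # timeout or unreachable resolver
                results[host] = "no-reply"
    return results

def sample_reply(query, rcode, with_answer=False):
    """Constructed test data: turn a query into a reply with the given RCODE."""
    flags = 0x8180 | rcode  # QR, RD, RA
    header = query[:2] + struct.pack("!HHHHH", flags, 1, int(with_answer), 0, 0)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes([192, 0, 2, 1])
    return header + query[12:] + (answer if with_answer else b"")
```

Calling `check_resolver` with the address of the filtering resolver should give `nxdomain` for both names; `resolves` means that resolver is not applying the block.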

Dec 8, 2025 9:00 AM in response to Carol B.

Oh I absolutely understand that, I’m not expecting any answers to our obvious issues on here! I just was hoping someone could help me understand what may be going on because I don’t do technology at all. Do you happen to know if private or “User Defined” ports are something he has to manually set up or if it’s something like apps opening different ports? I’m just trying to get a little honesty from SOMEWHERE!!
