Netgate Discussion Forum

Trying to block sites for a school network (i.e. myspace, etc)

    digitalx2001
    last edited by Jul 27, 2006, 10:30 PM

    I'm running a network for an elementary school, and will be installing a pfsense box as a content filter. I'm trying to block some sites such as MySpace and any other sites that they tell me they don't want the kids accessing.

    So I determined the myspace IP (216.178.32.51) by pinging it and then set a LAN rule to block it, like so:

    Proto  Source   Port  Destination    Port  Gateway  Description
    TCP    *        *     216.178.32.51  *     *
    *      LAN net  *     *              *     *        Default LAN -> any

    And, after reading another post about blocking AIM and MSN messenger, I got the idea to use DNS Forwarder to set a fake resolution, like so:

    Host     Domain       IP         Description
    myspace  myspace.com  127.0.0.1  myspace fake

    Going to 216.178.32.51 in a web browser fails, but going to myspace.com does in fact still work; even though it takes a little longer, I guess it still resolves somehow. I also tried to set it to like 1.1.1.1 instead of 127.0.0.1 as I had seen in another post, but neither worked.

    I'm stumped and would really like some help.  I also installed the Squid package, and from what I gather that can be used to filter content as well, but I have no idea how to get that working.

    Any help would be greatly appreciated.  The best way to block websites with pfsense is what I'd like to do… however that may be.

      andrewp
      last edited by Jul 27, 2006, 10:40 PM

      If you do

      nslookup myspace.com

      you'll see that in addition to 216.178.32.51 you should also block access to

      216.178.32.48, 216.178.32.49, 216.178.32.50

        digitalx2001
        last edited by Jul 27, 2006, 11:40 PM

        Awesome, thanks.

        As a side note for anyone else who might be trying to block myspace… here are all the URLs that (at least so far) I have found for myspace.  They include myspace.com, vids.myspace.com, login.myspace.com, and home.myspace.com.  I wouldn't be surprised if I missed some. I found all these because my browser, after being rejected, gets redirected to google.com's search, where you can 'view a cached page' of myspace.com.  This is a partial bypass of the firewall I had set to block only 'myspace.com' IPs, because of their subdomains.  So, this might be helpful if you're in the same spot as me, thought I'd pass it along.

        216.178.32.48, 216.178.32.49, 216.178.32.50, 216.178.32.51, 216.178.32.34, 216.178.32.40, 216.178.32.41, 216.178.32.42, 216.178.32.45, 63.208.226.224

        I made all these IPs an alias to make for an easier firewall block rule.

          cmb
          last edited by Jul 29, 2006, 7:25 PM

          Plain firewall rules really aren't sufficient to block web sites, if you want to do it effectively.  Anyone looking to block web sites should look at a proxy server in addition to your perimeter firewall.

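An added example, not part of any post in this thread: a Python check that resolves every hostname you intend to block and reports the addresses a firewall alias does not cover, which is the gap the single-IP rule above ran into. The function names and the hostname-to-address mapping in `SAMPLE_DNS` are assumptions constructed for illustration; only the addresses themselves are taken from the posts.

```python
import ipaddress
import socket


def resolve_all(host):
    """Return every IPv4 address the system resolver reports for host."""
    infos = socket.getaddrinfo(host, None, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def audit_alias(hosts, alias, resolver=resolve_all):
    """Return {host: [addresses it resolves to that the alias does not cover]}."""
    nets = [ipaddress.ip_network(entry, strict=False) for entry in alias]
    gaps = {}
    for host in hosts:
        try:
            addrs = resolver(host)
        except OSError:  # name did not resolve, so there is nothing to compare
            continue
        missing = [a for a in addrs
                   if not any(ipaddress.ip_address(a) in net for net in nets)]
        if missing:
            gaps[host] = missing
    return gaps


# Constructed sample data: which subdomain maps to which address is assumed.
SAMPLE_DNS = {
    "myspace.com": ["216.178.32.48", "216.178.32.49",
                    "216.178.32.50", "216.178.32.51"],
    "login.myspace.com": ["216.178.32.40", "216.178.32.41"],
    "vids.myspace.com": ["63.208.226.224"],
}


def sample_resolver(host):
    """Offline stand-in for resolve_all, backed by SAMPLE_DNS."""
    return SAMPLE_DNS.get(host, [])


SINGLE_IP_RULE = ["216.178.32.51"]  # the first rule in the thread
FULL_ALIAS = ["216.178.32.48", "216.178.32.49", "216.178.32.50", "216.178.32.51",
              "216.178.32.34", "216.178.32.40", "216.178.32.41", "216.178.32.42",
              "216.178.32.45", "63.208.226.224"]  # the alias posted later

if __name__ == "__main__":
    for name, alias in (("single-IP rule", SINGLE_IP_RULE), ("full alias", FULL_ALIAS)):
        print(name, audit_alias(SAMPLE_DNS, alias, sample_resolver))
```

Leaving out the `resolver` argument uses the live system resolver; alias entries may also be CIDR ranges such as `216.178.32.48/30`.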