How to block the websites

wallabybob

Your rules look fine.

However I wonder if your alias includes all the appropriate youtube addresses. On my box a lookup of www.youtube.com returns 74.125.237.x where x is in [0..9, 14] none of which I recall seeing in your alias. There are some services that return different addresses depending on the perceived location of the requester.

Perhaps your client is using a a different name server to lookup www.youtube.com than you used. For example if I lookup www.youtube.com on my ISP's or Google's DNS I get the IP addresses listed above but if I lookup www.youtube.com on OpenDNS I get a completely different set of addresses: 74.125.237.x where x is in [96..105, 110]

mahesh2k

Hi friend,

now what i have to do. please help me. but in my system i am able to get the list of 74.125.236.X to 110 only. please help me to block youtube.

thanks
mahesh

wallabybob

@mahesh2k:

now what i have to do. please help me. but in my system i am able to get the list of 74.125.236.X to 110 only. please help me to block youtube.

In principle what you need to do is:
1. Find all the IP addresses that youtube.com maps to on the accessing system.
2. Put those IP addresses in an alias on the firewall.
3. block appropriate access to the alias in firewall rule on the interface in which the access enters pfSense.
4. reset firewall states.

If you have done all this and it "doesn't work" then you will need to provide more details. The details are important. For example, perhaps you haven't correctly setup your virtual machine environment so that access to youtube.com goes through the pfSense VM. Perhaps when you say you can access youtube.com you mean you get a ping response from youtube.com but you should expect that because your firewall rule blocks TCP access and ping doesn't use TCP.

tim.mcmanus

Here are a couple of alternative ways to do this.  I find it somewhat challenging to maintain a block list as it can quickly become a full time game of cat and mouse.

1 - Set up your own internal DNS server and have all of your clients use that for DNS.  Make an entry for *.youtube.com and have it direct to an internal static web page that says something like, "This web site is blocked by the network policy.  Please contact your network administrator for details."  This works very well.  You would also want to block outdoing DNS queries from your LAN but allow them from your DNS server.  This is pretty easy to set up and maintain.

2 - You could use an external service like OpenDNS to do the same thing.  They are a free service and you can configure pfSense to use them.  Their UI for blocking sites is pretty nice, and they do the work of keeping on top of which sites to block.  You would want to make a firewall rule on your LAN that would force all DNS queries to go to their DNS servers and block any queries that go to other external DNS servers.  This too is pretty easy to set up and is very low maintenance.

Blocking a very large and popular service that uses a combination of DNS and perimeter load balancing can be challenging, and YouTube is no exception.

mahesh2k

hi friend,

i have tried in all way to block the websites. but it is not,  i have a small doubt, with out licence of this pfsense is it working or not? if yes, where i did the the mistaken please help me. even i have installed the packages like squid, light squid and squid grand. after that i have setup the  proxy server settings also. but no use…. please help me.. if possible send me any snapshots.

thanks & regards
mahesh

stephenw10

@mahesh2k:

i have a small doubt, with out licence of this pfsense is it working or not?

Yes it is. pfSense is free and open source there are no licence requirements for it's use.

You simply need to find out what IP(s) your clients are using to connect to youtube and block them.
Run a packet capture on LAN and filter for your clients IP. Open youtube on the client. Check the capture logs.
Unfortunately when you open a web page like youtube.com you will open connections to many places so you might have to experiment to find which is actually youtube.

Steve

Nazilus

Firewall Rule:

Protocal> any
Source> Lan subnet

should work in a minute

stephenw10

@Nazilus:

Firewall Rule:

Protocal> any
Source> Lan subnet

should work in a minute

Yep that will 'block the websites', all of them.  :D

Steve

Nazilus

BTW, i only put "youtube.com" in Aliases with "HOST" type

it work for me as some point.

but what i'm trying to looking here is

i got 3 LINE of internet. i want to point this youtube site to some LINE that i want to.

But this won't work at all!

Nazilus

DONT TRY TO FIND YOUTUBE IP. LOL i been try before. massive of them on this earth.