Raises hand, network wins this time.

Capt.Michaels

I'm such a newb. I've tried blocking certain websites, (myspace, etc) in LAN, WAN, any source, protocol. I was a good egg and read ton-o-posts, links, general forum->repeated questions, post by hoba and so much more. I swear I followed to the "T" what was told to do in each instance. I configured on router and tests failed on clients. I cannot figure it. What book do I have to go buy and learn something or my next step? I hate getting whipped, but I raise my hands up, I'm beaten, please help.  :-[

sullrich

Your best bet is try out the SquidGUARD package.   Blocking websites can be tedious because a lot of times a website has multiple ip addresses and they can change depending on if the hoster has load balancing, etc..

For example, take a look at www.google.com:

scott-ullrichs-mac-pro:~ sullrich$ dig www.google.com @10.0.0.65

; <<>> DiG 9.4.1-P1 <<>> www.google.com @10.0.0.65
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24580
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.google.com. IN A

;; ANSWER SECTION:
www.google.com. 1301 IN CNAME www.l.google.com.
www.l.google.com. 300 IN A 74.125.47.147
www.l.google.com. 300 IN A 74.125.47.104
www.l.google.com. 300 IN A 74.125.47.103
www.l.google.com. 300 IN A 74.125.47.99

;; Query time: 54 msec
;; SERVER: 10.0.0.65#53(10.0.0.65)
;; WHEN: Fri May  2 17:12:35 2008
;; MSG SIZE  rcvd: 116

Notice all of the A records pointing to 4 different IP addresses.

Now watch what happens when I query a different name server:

scott-ullrichs-mac-pro:~ sullrich$ dig www.google.com @10.0.0.11

; <<>> DiG 9.4.1-P1 <<>> www.google.com @10.0.0.11
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40747
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.google.com. IN A

;; ANSWER SECTION:
www.google.com. 1333 IN CNAME www.l.google.com.
www.l.google.com. 268 IN A 74.125.47.104
www.l.google.com. 268 IN A 74.125.47.103
www.l.google.com. 268 IN A 74.125.47.99
www.l.google.com. 268 IN A 74.125.47.147

;; Query time: 44 msec
;; SERVER: 10.0.0.11#53(10.0.0.11)
;; WHEN: Fri May  2 17:13:07 2008
;; MSG SIZE  rcvd: 116

See the different IP address in there?   It gets rather tedious to add all of these IP addresses to the LAN block rules to enforce blockage.   Using SquidGUARD shifts the burden to the protocol level.

Hope this helps.

Perry

A few days ago this was posted

Another option is to use www.Opendns.com  I also only allow my dns servers to access 53 to the WAN so users cannot circumvent dns filtering

sullrich

@Perry:

A few days ago this was posted

Another option is to use www.Opendns.com  I also only allow my dns servers to access 53 to the WAN so users cannot circumvent dns filtering

Yes, I keep forgetting about OpenDNS's extra features (I use it only for DNS with no blocking at home).  That would be perfect for you, give it a try.

Capt.Michaels

Wow..thanks guys. I see what you mean about multiple IP's. Try not to laugh to hard, but imagine before this post a newb like me pecking away at work putting 15 Ip's for one site I did :-[

I will try the SquidGaurd and the OpenDNS. Oh man…talk about feeling spanked, but I refuse to quit...Heh. You guys rock.