Raises hand, network wins this time.



  • I'm such a newb. I've tried blocking certain websites (myspace, etc.) in LAN, WAN, any source, protocol. I was a good egg and read ton-o-posts, links, general forum->repeated questions, posts by hoba and so much more. I swear I followed to the "T" what was told to do in each instance. I configured on the router and tests failed on clients. I cannot figure it out. What book do I have to go buy and learn something, or what's my next step? I hate getting whipped, but I raise my hands up, I'm beaten, please help.  :-[



  • Your best bet is to try out the SquidGUARD package. Blocking websites can be tedious because a lot of the time a website has multiple IP addresses, and they can change depending on whether the hoster has load balancing, etc.

    For example, take a look at www.google.com:

    scott-ullrichs-mac-pro:~ sullrich$ dig www.google.com @10.0.0.65

    ; <<>> DiG 9.4.1-P1 <<>> www.google.com @10.0.0.65
    ; (1 server found)
    ;; global options:  printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24580
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;www.google.com. IN A

    ;; ANSWER SECTION:
    www.google.com. 1301 IN CNAME www.l.google.com.
    www.l.google.com. 300 IN A 74.125.47.147
    www.l.google.com. 300 IN A 74.125.47.104
    www.l.google.com. 300 IN A 74.125.47.103
    www.l.google.com. 300 IN A 74.125.47.99

    ;; Query time: 54 msec
    ;; SERVER: 10.0.0.65#53(10.0.0.65)
    ;; WHEN: Fri May  2 17:12:35 2008
    ;; MSG SIZE  rcvd: 116

    Notice all of the A records pointing to 4 different IP addresses.

    Now watch what happens when I query a different name server:

    scott-ullrichs-mac-pro:~ sullrich$ dig www.google.com @10.0.0.11

    ; <<>> DiG 9.4.1-P1 <<>> www.google.com @10.0.0.11
    ; (1 server found)
    ;; global options:  printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40747
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;www.google.com. IN A

    ;; ANSWER SECTION:
    www.google.com. 1333 IN CNAME www.l.google.com.
    www.l.google.com. 268 IN A 74.125.47.104
    www.l.google.com. 268 IN A 74.125.47.103
    www.l.google.com. 268 IN A 74.125.47.99
    www.l.google.com. 268 IN A 74.125.47.147

    ;; Query time: 44 msec
    ;; SERVER: 10.0.0.11#53(10.0.0.11)
    ;; WHEN: Fri May  2 17:13:07 2008
    ;; MSG SIZE  rcvd: 116

    See the different IP addresses in there? It gets rather tedious to add all of these IP addresses to the LAN block rules to enforce blockage. Using SquidGUARD shifts the burden to the protocol level.

    Hope this helps.
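    To make the point above concrete, here is an added example (not code from the thread or from pfSense) that parses the ANSWER SECTION of dig output, collects the A records, and reports which addresses a hand-maintained IP blocklist would miss. The two answers embedded below are the dig outputs quoted in the post, pasted in as constructed strings so the script runs offline; the short blocklist is an assumed partial list of the kind a beginner might enter by hand.

```python
"""Parse dig ANSWER SECTIONs and show why a static IP blocklist drifts.

Added example, not part of the forum thread. The two answers are the dig
outputs quoted in the post, embedded as constructed strings so this runs
offline.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed input: the two dig answers from the post, trimmed to the
# ANSWER SECTION the parser needs (real dig separates fields with tabs;
# the regex below accepts any whitespace).
DIG_RESOLVER_A = """\
;; ANSWER SECTION:
www.google.com. 1301 IN CNAME www.l.google.com.
www.l.google.com. 300 IN A 74.125.47.147
www.l.google.com. 300 IN A 74.125.47.104
www.l.google.com. 300 IN A 74.125.47.103
www.l.google.com. 300 IN A 74.125.47.99

;; Query time: 54 msec
"""

DIG_RESOLVER_B = """\
;; ANSWER SECTION:
www.google.com. 1333 IN CNAME www.l.google.com.
www.l.google.com. 268 IN A 74.125.47.104
www.l.google.com. 268 IN A 74.125.47.103
www.l.google.com. 268 IN A 74.125.47.99
www.l.google.com. 268 IN A 74.125.47.147

;; Query time: 44 msec
"""

# One resource record line: NAME TTL IN TYPE RDATA
RR_LINE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(A|AAAA|CNAME)\s+(\S+)$")


@dataclass(frozen=True)
class RR:
    name: str
    ttl: int
    rtype: str
    rdata: str


def parse_answer_section(text: str) -> list[RR]:
    """Return the records between ';; ANSWER SECTION:' and the next blank line."""
    records: list[RR] = []
    in_answer = False
    for line in text.splitlines():
        if line.startswith(";; ANSWER SECTION:"):
            in_answer = True
            continue
        if not in_answer:
            continue
        if not line.strip():
            break  # blank line ends the section
        m = RR_LINE.match(line.strip())
        if m:
            name, ttl, rtype, rdata = m.groups()
            records.append(RR(name, int(ttl), rtype, rdata))
    return records


def address_set(text: str) -> set[str]:
    """All A/AAAA addresses in one answer; CNAME hops are followed implicitly by dig."""
    return {rr.rdata for rr in parse_answer_section(text) if rr.rtype in ("A", "AAAA")}


def min_ttl(text: str) -> int:
    """Seconds until some record in the answer may legitimately change."""
    return min(rr.ttl for rr in parse_answer_section(text))


def blocklist_gaps(blocklist: list[str], *dig_outputs: str) -> set[str]:
    """Addresses seen in any of the answers that the static blocklist does not cover."""
    seen: set[str] = set().union(*(address_set(t) for t in dig_outputs))
    return seen - set(blocklist)


if __name__ == "__main__":
    # Assumed partial blocklist, typed in by hand from one earlier lookup.
    manual_block = ["74.125.47.147", "74.125.47.104"]
    print("resolver A:", sorted(address_set(DIG_RESOLVER_A)))
    print("resolver B:", sorted(address_set(DIG_RESOLVER_B)))
    print("answers may change within", min_ttl(DIG_RESOLVER_B), "seconds")
    print("not blocked:", sorted(blocklist_gaps(manual_block, DIG_RESOLVER_A, DIG_RESOLVER_B)))
```

    The TTLs (300 and 268 seconds here) are the real lesson: whatever set of addresses you copy into a rule is only promised for a few minutes, which is why the post steers you toward filtering on the name at the proxy or DNS layer instead.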



  • A few days ago this was posted

    Another option is to use www.Opendns.com. I also only allow my DNS servers to access 53 to the WAN, so users cannot circumvent DNS filtering.
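    The egress rule Perry describes only works if the block for port 53 sits above the stock "allow LAN to any" rule, because LAN rules are evaluated top down and the first match wins. The following is an added example (not from the thread or from pfSense) that models that first-match evaluation over three rule sets: the default allow-all, the locked-down order, and the same rules in the wrong order. All addresses are constructed: 192.168.1.0/24 is the LAN, 192.168.1.10 the internal DNS server clients are meant to use, 192.168.1.50 a client, and 203.0.113.53 an outside resolver.

```python
"""Model first-match LAN rule evaluation for the DNS egress policy above.

Added example, not part of the forum thread and not pfSense code. All
addresses are constructed; 192.168.1.10 stands in for the site's own DNS
server, the only LAN host allowed to talk to port 53 on the WAN.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    action: str            # "pass" or "block"
    src: str               # CIDR or "any"
    dst: str               # CIDR or "any"
    dst_port: int | None   # None matches any destination port
    description: str


@dataclass(frozen=True)
class Flow:
    src_ip: str
    dst_ip: str
    dst_port: int


def _in_scope(scope: str, ip: str) -> bool:
    return scope == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(scope)


def _matches(rule: Rule, flow: Flow) -> bool:
    return (_in_scope(rule.src, flow.src_ip)
            and _in_scope(rule.dst, flow.dst_ip)
            and (rule.dst_port is None or rule.dst_port == flow.dst_port))


def evaluate(rules: list[Rule], flow: Flow) -> tuple[str, str]:
    """First matching rule decides (pfSense LAN rules are first-match); no match means drop."""
    for rule in rules:
        if _matches(rule, flow):
            return rule.action, rule.description
    return "block", "implicit default deny"


LAN = "192.168.1.0/24"
RESOLVER = "192.168.1.10/32"   # constructed: the internal DNS server

# Weak: the stock LAN rule alone. Any client can query any resolver on the
# Internet directly, so OpenDNS filtering is trivially bypassed.
DEFAULT_LAN_RULES = [
    Rule("pass", LAN, "any", None, "Default allow LAN to any"),
]

# Corrected: clients may only reach the internal resolver on 53, the resolver
# alone may reach the WAN on 53, and the block sits above the catch-all allow.
LOCKED_DOWN_RULES = [
    Rule("pass", LAN, RESOLVER, 53, "LAN clients to internal DNS"),
    Rule("pass", RESOLVER, "any", 53, "Internal DNS to upstream (OpenDNS)"),
    Rule("block", LAN, "any", 53, "Block all other DNS from LAN"),
    Rule("pass", LAN, "any", None, "Default allow LAN to any"),
]

# Same four rules with the catch-all moved to the top: it shadows the block,
# which then never fires. This is the ordering mistake to check for first.
MISORDERED_RULES = [LOCKED_DOWN_RULES[3]] + LOCKED_DOWN_RULES[:3]


def dns_bypass_possible(rules: list[Rule]) -> bool:
    """True if a constructed LAN client can reach an outside resolver on port 53."""
    action, _ = evaluate(rules, Flow("192.168.1.50", "203.0.113.53", 53))
    return action == "pass"


if __name__ == "__main__":
    for label, rules in (("default", DEFAULT_LAN_RULES),
                         ("locked down", LOCKED_DOWN_RULES),
                         ("misordered", MISORDERED_RULES)):
        print(f"{label:12s} DNS bypass possible: {dns_bypass_possible(rules)}")
```

    A quick way to use this when a block "doesn't work": feed in the flow that should have been stopped and look at which rule's description comes back; if it is the catch-all allow, the block rule is below it.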



  • @Perry:

    A few days ago this was posted

    Another option is to use www.Opendns.com. I also only allow my DNS servers to access 53 to the WAN, so users cannot circumvent DNS filtering.

    Yes, I keep forgetting about OpenDNS's extra features (I use it only for DNS with no blocking at home). That would be perfect for you, give it a try.



  • Wow..thanks guys. I see what you mean about multiple IPs. Try not to laugh too hard, but imagine before this post a newb like me pecking away at work putting in 15 IPs for one site. I did :-[

    I will try the SquidGuard and the OpenDNS. Oh man…talk about feeling spanked, but I refuse to quit...Heh. You guys rock.

