Trying to block websites at gateway

Posted by CeD (Limp Gawd, joined Feb 10, 2003, 182 messages)
Hey all,

I am trying to block numerous websites at the gateway. However, I have been unsuccessful with a couple:

1) webmail.cfl.rr.com
2) hotmail.com
3) login.passport.com

I have pinged the above sites to retrieve their IPs. I have blacklisted their IPs and they are still not blocked. I have been successful at blocking many sites by using this technique.

Any ideas why I can't get the above sites to work?
 
Those sites probably have multiple IP addresses. What kind of gateway? You could make a DNS entry for those sites that steers it to an html document that says "these are off limits...get back to work", or steers it to nowhere. Otherwise, an entry in the "hosts" file on each individual machine would do it.
 
CeD said:
1) webmail.cfl.rr.com <--- rr uses port 443 (https protocol), so try configuring your access list to block the destination IPs on port 443.
2) hotmail.com <---nslookup gives 3 IPs for this one, you'd need to block them all going out on port 80.
3) login.passport.com <-- this one has 2, same as the above.

You should be able to configure an access list or firewall rule blocking the traffic from the local net source to the WAN destination IP and ports. If you're using a Cisco router as a gateway, set up an extended access list, include a permit any any for all other traffic (or the implicit deny all at the end won't let anything out), and then bind the list to the interface. If you're running another type of hardware, consult that manufacturer's site for how to configure ACLs or firewall rules on their platform.

Depending on the amount of users, if it is a small number of machines, you could try putting the DNS name of the site in the hosts file and give it a quad zero, like O[H]-Zone suggested.

hope that helps
 
I use a WatchGuard SOHO 6 w/ WebBlocker. I guess those sites do have multiple IPs. How do I go about finding these? The ones returned with a ping are blocked and access is still allowed.
 
Using a Windows machine:
Code:
nslookup hostname.com
FreeBSD has a dig utility:
Code:
dig hostname.com
Or you could try DNS STUFF. Do a whois lookup on the domain.
Spec
 
I did an nslookup, blocked those IPs and it is still allowing access. I guess it is still another IP.

I guess there are a bunch of IPs answering to those sites. Is there a way to determine the whole block for each site?
 
Do you run an in-house DNS server? If so, simply create A records for any sites you wish to block, i.e. hotmail.com, www.hotmail.com, passport.com, etc., and point them at 127.0.0.1.
i.e.
www.hotmail.com IN A 127.0.0.1

would cause any DNS requests for hotmail.com to resolve to the local computer, which is in fact not a hotmail server, and ta-da, page cannot be displayed...
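As an added example (not from any poster in this thread), the script below ties together the two approaches discussed above: it unions the addresses returned across several lookups (the reason single ping/nslookup results miss round-robin sites), emits a Cisco-style extended ACL ending in the permit any any the earlier reply warned about, and emits hosts-file and internal-DNS sinkhole entries that work no matter how many addresses a name has. The lookup outputs and IP addresses are constructed stand-ins for `dig +short` output, not real hotmail or rr.com addresses; the ACL number and the 0.0.0.0 / 127.0.0.1 sink values are assumptions following the thread's own suggestions.

```python
import ipaddress
from typing import Iterable

# Constructed stand-in for the output of several "dig +short <name>" runs.
# Round-robin DNS rotates the answer order and some tools show only the first
# record, which is why a single lookup misses addresses. The CNAME line mimics
# a name that aliases to a load-balancer host. All values are made up.
SAMPLE_LOOKUPS = {
    "hotmail.com": [
        "198.51.100.10\n198.51.100.11\n",
        "198.51.100.11\n198.51.100.12\n198.51.100.10\n",
    ],
    "webmail.cfl.rr.com": [
        "webmail-lb.cfl.rr.com.\n203.0.113.7\n",
        "webmail-lb.cfl.rr.com.\n203.0.113.8\n",
    ],
}


def addresses_from_output(text: str) -> set[str]:
    """Pull only IPv4 addresses out of dig +short style output, skipping CNAME targets."""
    found = set()
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            addr = ipaddress.ip_address(line)
        except ValueError:
            continue  # a CNAME target or other non-address line
        if isinstance(addr, ipaddress.IPv4Address):
            found.add(str(addr))
    return found


def collect_addresses(lookups: dict[str, Iterable[str]]) -> dict[str, set[str]]:
    """Union every address seen across repeated lookups of each name."""
    result: dict[str, set[str]] = {}
    for name, outputs in lookups.items():
        seen: set[str] = set()
        for out in outputs:
            seen |= addresses_from_output(out)
        result[name] = seen
    return result


def acl_lines(addresses: dict[str, set[str]], ports=(80, 443), number=101) -> list[str]:
    """Cisco-style extended ACL: deny tcp to each collected address on the given
    ports, then permit everything else so the implicit deny does not cut off the LAN.
    Ports 80/443 and ACL number 101 are assumed values."""
    lines = []
    for name in sorted(addresses):
        for ip in sorted(addresses[name], key=ipaddress.IPv4Address):
            for port in ports:
                lines.append(f"access-list {number} deny tcp any host {ip} eq {port}")
    lines.append(f"access-list {number} permit ip any any")
    return lines


def hosts_entries(names: Iterable[str], sink: str = "0.0.0.0") -> list[str]:
    """hosts-file sinkhole lines ("quad zero"), independent of how many IPs a name has."""
    return [f"{sink}\t{name}" for name in sorted(names)]


def zone_records(names: Iterable[str], sink: str = "127.0.0.1") -> list[str]:
    """Internal-DNS A records in the form shown in the thread."""
    return [f"{name}. IN A {sink}" for name in sorted(names)]


if __name__ == "__main__":
    collected = collect_addresses(SAMPLE_LOOKUPS)
    for name, ips in collected.items():
        print(f"{name}: {sorted(ips)}")
    print("\n".join(acl_lines(collected)))
    print("\n".join(hosts_entries(collected)))
    print("\n".join(zone_records(collected)))
```

The ACL list grows with every address a site adds, and the address set is only as complete as the lookups that fed it; the hosts-file and zone entries need no address list at all, which is why the DNS-based suggestions in this thread hold up better than IP blacklisting for sites served from many addresses.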
 