Blocking Internet services

Don Jones

Is there any way to set up my work network to only allow internet access to a couple of work-related sites and block the rest? I have a firewall router, so far I can only figure out how to cut off access completely. Need some technical guidance.
 
Yes.

I have a SonicWall TZ170, and it can be configured to limit web access to only defined sites, or to restrict traffic from all manner of categories (e.g., sexual content, violence, etc.). In addition, you can set it up to where the restrictions only apply during certain hours.

It also has pretty good firewall and virus filtering for web and email.

I am reasonably satisfied; there are boxes that can do a lot more, but they cost a lot more.

Edit:

see http://www.sonicwall.com/us/products/TZ_Series.html
 
Is there any way to set up my work network to only allow internet access to a couple of work-related sites and block the rest? I have a firewall router, so far I can only figure out how to cut off access completely. Need some technical guidance.

1) Hard code your DNS server. Make entries for the allowed sites and make everything else resolve to 127.0.0.1. (This will not block those who are savvy enough to use another DNS server or get the sites by IP addresses.)

You want a plug and play solution?
2) Get a firewall router with access rules. I have an old NetGear that had "parental controls" where you could set a schedule for when access was allowed.

I'm sure your firewall can do it. HOW to do it varies widely by manufacturer. Pay Jesse to set it up for you. :D
 
1) Hard code your DNS server. Make entries for the allowed sites and make everything else resolve to 127.0.0.1. (This will not block those who are savvy enough to use another DNS server or get the sites by IP addresses.)

You want a plug and play solution?
2) Get a firewall router with access rules. I have an old NetGear that had "parental controls" where you could set a schedule for when access was allowed.

I'm sure your firewall can do it. HOW to do it varies widely by manufacturer. Pay Jesse to set it up for you. :D

How about some step by step directions to hard code the DNS server. I know just enough to be dangerous. :yes: The router is a Linksys. It does have the parental controls, but I haven't found a way to only allow certain sites without shutting off all access. I will look more at work tomorrow.
 
How about some step by step directions to hard code the DNS server. I know just enough to be dangerous. :yes: The router is a Linksys. It does have the parental controls, but I haven't found a way to only allow certain sites without shutting off all access. I will look more at work tomorrow.

It's not that easy. First you have to RUN an internal DNS server. Now you're using the one at your ISP.

Then have all PCs use it as the DNS server...IE put that server PCs address in the firewall as the DNS server. All of the clients get the DNS server address from the firewall...so they'll ask your server for IP addresses of the sites and only get answers for the ones you supply.

http://www.windowsnetworking.com/articles_tutorials/Installing_DNS_Windows_2003.html
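
The DNS approach described in the replies above, as an added sketch that is not part of the thread: a small DNS responder that forwards allowlisted names to an upstream resolver and answers every other name with 127.0.0.1. The allowlisted domains, the upstream address and all function names are assumptions chosen for illustration.

```python
import socket, struct

ALLOWED = {"example.com", "microsoft.com"}     # assumed allowlist, for illustration
UPSTREAM = ("192.0.2.53", 53)                  # placeholder; use your ISP's resolver
SINKHOLE = "127.0.0.1"

def parse_question(packet):      # -> (name, qtype, offset past the first question)
    labels, pos = [], 12                       # the DNS header is 12 bytes
    while (length := packet[pos]) != 0:
        if length & 0xC0:                      # compression pointers are not valid here
            raise ValueError("bad label")
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii").lower())
        pos += 1 + length
    qtype, _qclass = struct.unpack_from(">HH", packet, pos + 1)
    return ".".join(labels), qtype, pos + 5

def is_allowed(name):            # exact match or subdomain of an allowlisted domain
    return any(name == d or name.endswith("." + d) for d in ALLOWED)

def sinkhole_response(query):    # A questions get SINKHOLE; other types get no answer
    _, qtype, end = parse_question(query)
    rr = struct.pack(">HHHIH", 0xC00C, 1, 1, 60, 4) + socket.inet_aton(SINKHOLE)
    answer = rr if qtype == 1 else b""
    header = query[:2] + struct.pack(">HHHHH", 0x8180, 1, 1 if answer else 0, 0, 0)
    return header + query[12:end] + answer

def build_query(name, qtype=1, txid=0x1234):   # constructed sample query for offline use
    q = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0) + q + struct.pack(">HH", qtype, 1)

def serve(bind=("0.0.0.0", 53)):
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(bind)
    while True:
        query, client = srv.recvfrom(512)
        try:
            if is_allowed(parse_question(query)[0]):
                with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as up:
                    up.settimeout(3)
                    up.sendto(query, UPSTREAM)
                    reply = up.recvfrom(4096)[0]
            else:
                reply = sinkhole_response(query)
            srv.sendto(reply, client)
        except (ValueError, IndexError, struct.error, OSError):
            pass                               # drop malformed queries, upstream timeouts

if __name__ == "__main__":
    serve()
```

This only controls name resolution, so the caveat from the earlier reply still applies: a client that points at a different DNS server or connects by IP address is not affected. A router rule that permits outbound port 53 only from the host running the resolver closes the first of those two gaps.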
 
Just today I set up a Linksys wireless router for a friend..

I don't have access to it now so I can't give you specific instructions but..

There was a setting under firewall that allowed you to block all Internet access except for a list of specific sites.. Sometimes called a white list or an allow list.
Poke around in the router and I hope you will find it, good luck..

Jon


How about some step by step directions to hard code the DNS server. I know just enough to be dangerous. :yes: The router is a Linksys. It does have the parental controls, but I haven't found a way to only allow certain sites without shutting off all access. I will look more at work tomorrow.
 
I remember fiddling around with home-grade stuff, never getting what I wanted done, done. You can get a SonicWall for around $350.00, and it is a dedicated security appliance, well-supported and can do a lot for you. When I read the logs on mine and see all the stuff it has deflected away, I am glad I have a grown-up box.
 
This reminds me of a friend's story. She's a bookkeeper with an old family CPA firm in New Jersey. They recently received a package for the father in the firm and opened it thinking it was firm business. When they discovered it was Cialis, they resealed the package and just placed it on his desk.

About three weeks later, she was cleaning up the system on her computer and wiping out the tracking cookies that came up on Spybot. One of the cookies turned out to be for the seller of the Cialis. It seems the old man was not about to order the stuff on HIS computer. :)
 
Make sure you don't block domains needed for Windows Updates (I just allow *.microsoft.com/*), virus scan updates, and so forth.

Rich
 