August 22nd, 2009, 08:02 AM
Disabling Websites and Messenger on WiFi network
I just joined a startup company and I have been asked to do an assignment that says that I have to block all the messengers and websites the employees may use, e.g. Google Talk, MSN Messenger, Yahoo Messenger, Orkut, Facebook, etc.
I searched about Google Talk and I found an answer which says:
Disabling Google Talk on my network
If you need to disable Google Talk on your network, we suggest blocking DNS lookups to both talk.google.com and talkx.l.google.com, by returning 127.0.0.1.
But the problem is I am not able to add the DNS lookups - I don't know how to. I'll explain the network configuration used:
1. The ISP provider has given a broadband line that goes into the modem they provided, the model is Beetel 450BXI - ADSL2 + Router (let's call this Modem X).
2. Modem X has both LAN outputs (no machine is connected to these) and WiFi transmitter (which I have disabled).
3. Modem X is connected to a NETGEAR Router WGR614v9 (let's call this Router Y) via LAN. And Router Y is the one that transmits the WiFi to all the nodes we have in the office.
4. No machine is connected to Modem X or Router Y through LAN ports - all use WiFi.
Now how can I do the Website and Messenger Blocking for this configuration? Please keep in mind, we cannot connect the machines through LAN cables as we don't have the infrastructure for these.
I really need help on this. Thanks a lot.
August 23rd, 2009, 04:51 AM
There are a lot of ways to do this. One is to purchase and configure a proxy server and then force all users to go through that to the Internet. Another may lie in the NetGear Router's setup (although I'm not sure). If there is filtering by IP address or website, (probably in the Security Tab), you should be able to put the IP Addresses or hostnames in there.
Originally Posted by codenamevirus
For things like Windows Live Messenger or Skype, you could block the outgoing ports that they use. This won't completely disable them, as they can also use Port 80.
If there aren't a lot of computers, you can go into each machine and add the domains to the HOSTS file. It's located in C:\Windows\System32\Drivers\etc. Simply add the domain name and 127.0.0.1, or if you have a webserver with an access prohibited page, you can put that IP address in place of the 127.0.0.1 one.
Hope this gives you some ideas. Have a great day
August 23rd, 2009, 03:49 PM
hosts file would work provided you don't have too many computers to worry about, and be sure that you don't allow users permissions to change them again. Alternatively you could do something similar right on the server, the only way around it would be if the user knows the IP address of the site they're trying to contact. You can read about it here
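An added example, not part of any post in this thread: the HOSTS-file approach from the two replies above, written as Python functions that point the two Google Talk names at 127.0.0.1 without duplicating entries and report a file that has been changed back. The sample file content and the function names are constructed for illustration.

```python
SINK = "127.0.0.1"   # address the thread suggests returning for blocked names
# The two Google Talk hostnames quoted in the thread; extend per your policy.
BLOCKED = ["talk.google.com", "talkx.l.google.com"]

# Constructed sample input, not taken from a real machine.
SAMPLE = """# constructed sample hosts file
127.0.0.1 localhost
10.0.0.5 talk.google.com intranet  # edited to point away from the sink
"""


def entries(text):
    """Yield (address, [names]) for each mapping line of hosts-file text."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # strip comment, split on blanks
        if len(fields) >= 2:
            yield fields[0], [n.lower() for n in fields[1:]]


def audit(text, blocked=BLOCKED, sink=SINK):
    """Return blocked names that are missing or mapped to anything but the sink."""
    seen = {}
    for addr, names in entries(text):
        for name in names:
            seen.setdefault(name, set()).add(addr)
    return [b for b in blocked if seen.get(b.lower()) != {sink}]


def merge(text, blocked=BLOCKED, sink=SINK):
    """Return hosts text with each blocked name mapped to the sink exactly once."""
    want = {b.lower() for b in blocked}
    out = []
    for line in text.splitlines():
        body, sep, comment = line.partition("#")
        fields = body.split()
        if len(fields) >= 2:
            keep = [n for n in fields[1:] if n.lower() not in want]
            if not keep:
                continue                       # line mapped only blocked names
            if len(keep) < len(fields) - 1:    # drop blocked names, keep the rest
                line = " ".join([fields[0]] + keep) + (" #" + comment if sep else "")
        out.append(line)
    out += [f"{sink} {b.lower()}" for b in blocked]
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print(audit(SAMPLE))          # names not currently blocked
    print(merge(SAMPLE), end="")  # corrected file content
```

The hosts file matches exact names only, so every hostname to be blocked needs its own entry. Running `audit` against each machine's file on a schedule covers the point about users changing the entries back.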
August 23rd, 2009, 04:01 PM
Well for one I would be looking at the Netgear router.. It should have a web interface that you may be able to do a bit of mucking around..
Originally Posted by codenamevirus
or do my trick.. Between the Modem and the first Switch/router I installed a Smoothwall or IPCOP box.. (or you could go to Cisco PXE..) these are Linux-based router OSes.. from there I set my rules .. and block the hell out of unwanted services.. set QOS and all that stuff
Seeing as everyone is on WiFi... I hope you're sniffing the air for alternate APs if the users find they can't FB or IM on the work network.. they may go hunting..
Last edited by Und3ertak3r; August 23rd, 2009 at 04:03 PM.
"Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr
August 24th, 2009, 12:26 AM
You might also look into putting 'Untangle' in between the modem and router. It is free, and has a content filter, firewall, IPS, etc. It isn't the most robust all in one server, but it does pretty well.
"Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink."
August 24th, 2009, 10:19 AM
1) Set up a proxy as said. You will probably need another box for this
2) Edit the hosts file.
In my router settings I can block "keywords" which I have done so for Facebook.
This however will not block an app from running.
As stated they can also push it through HTTP port if you only allow that ...
The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
August 29th, 2009, 11:48 PM
I suggest looking into using opendns. You can customize it to your needs for your network. It is also done at the router level, so it affects everyone on the network.
<chsh> I've read more interesting technical discussion on the wall of a public bathroom than I have at AO at times
August 31st, 2009, 02:19 PM
I use IPcop myself, with the Advanced Proxy and URLfilter addons, among other addons. You'll need another computer for it; my old 300MHz P2 and ~380MB RAM Dell OptiPlex handles it rather well. It's a free, Linux-based firewall package that you can download and burn the ISO to CD, so be prepared to spend some time if you decide to download it. There are so many options, it's easy to get lost in it.
With IPcop, you can set up a transparent proxy server so you don't need to configure every browser to use it. After that, it's simply a matter of adding URLs to the blocked domains textbox and hitting Save and Restart...