w33d33
just joined
Topic Author
Posts: 15
Joined: Mon Mar 11, 2013 3:02 pm

How to block all websites except one

Mon Mar 11, 2013 9:34 pm

Hey
I want to know how to block all websites except one.
And I want to leave any outgoing port Open.

Thanks
 
nmaton
Frequent Visitor
Posts: 72
Joined: Fri Feb 18, 2011 12:31 am

Re: How to block all websites except one

Mon Mar 11, 2013 10:06 pm

You can set up ip web proxy and allow only the website you wanna pass there and deny all other sites.
Only http traffic will be denied.


Enable dst-nat for your nat


/ip firewall nat
add action=redirect chain=dstnat dst-port=80 in-interface=****** protocol=tcp \
!to-addresses to-ports=8080

/ip proxy
set enabled=yes
/ip proxy access
add dst-host=www.hostyouwannaallow.*
add action=deny dst-host=*
 
w33d33
just joined
Topic Author
Posts: 15
Joined: Mon Mar 11, 2013 3:02 pm

Re: How to block all websites except one

Mon Mar 11, 2013 10:16 pm

I didn't get it actually. I just bought my Mikrotik.
So I enable dst-nat, then I press firewall/nat
add action=redirect chain=dstnat dst-port=80 in-interface=****** protocol=tcp \
!to-addresses to-ports=8080 (what do the stars mean? and what is the \! ?)

and finally
add dst-host=www.hostyouwannaallow.*
add action=deny dst-host=*
What should I replace the star with?

thank you
 
nmaton
Frequent Visitor
Posts: 72
Joined: Fri Feb 18, 2011 12:31 am

Re: How to block all websites except one

Mon Mar 11, 2013 11:23 pm

In the dst-nat in-interface you choose your in-interface, for example ether1 or your in-interface. The \ sign means that the command continues on the next line.

/ip proxy access
add dst-host=www.hostyouwannaallow.com
add action=deny dst-host=*


In the deny dst-host=* you leave that * as it's a wildcard.
 
w33d33
just joined
Topic Author
Posts: 15
Joined: Mon Mar 11, 2013 3:02 pm

Re: How to block all websites except one

Tue Mar 12, 2013 12:18 pm

MikroTik RouterBoard 750
I'm using these methods but all sites are blocked including hotmail.com


dst-host=www.hotmail.com action=allow

and the last rule will be

action=deny (in the access list,
/ip proxy access)


the second method:

/ip proxy
add action=deny dst-host=!*funlb.net src-address=192.168.0.0/24


Is there any method that works 100%? (to open 1 site only)
 
nmaton
Frequent Visitor
Posts: 72
Joined: Fri Feb 18, 2011 12:31 am

Re: How to block all websites except one

Tue Mar 12, 2013 1:04 pm

I see you have opened another thread?

The way it works is this:


You put this as the first line in the firewalling, where the in-interface is the interface where your packets arrive. If wireless, put wlan there; if your PC or PCs are connected to ether1, you put ether1 there!

/ip firewall nat
add action=redirect chain=dstnat dst-port=80 in-interface=****** protocol=tcp \
!to-addresses to-ports=8080

/ip proxy
set enabled=yes
/ip proxy access
add action=allow dst-host=www.hotmail.com
add action=deny dst-host=*



To do it in the GUI:


ip -> firewall -> nat -> +sign

GENERAL
chain: dstnat
protocol: 6 tcp
dst.port 80
in.interface = put your input interface here !

ACTION
action : redirect
to ports: 8080

Press ok.
Drag this rule to the first place.

Then go to ip -> web proxy

GENERAL
enable it
port : 8080

press button ACCESS

+ DST host : www.hotmail.com
action : allow
OK

+ DST host: *
action : deny
 
w33d33
just joined
Topic Author
Posts: 15
Joined: Mon Mar 11, 2013 3:02 pm

Re: How to block all websites except one

Tue Mar 12, 2013 1:23 pm

Sorry about that. It won't happen again.
I tried it all step by step and it didn't work.
Please can you connect to my PC by TeamViewer?
I would really appreciate it.

332 307 427
7484
 
w33d33
just joined
Topic Author
Posts: 15
Joined: Mon Mar 11, 2013 3:02 pm

Re: How to block all websites except one

Tue Mar 12, 2013 4:30 pm

332 307 427

pass:7651
 
w33d33
just joined
Topic Author
Posts: 15
Joined: Mon Mar 11, 2013 3:02 pm

Re: How to block all websites except one

Tue Mar 12, 2013 4:49 pm

Still the same.... reconnect
 
nmaton
Frequent Visitor
Posts: 72
Joined: Fri Feb 18, 2011 12:31 am

Re: How to block all websites except one

Tue Mar 12, 2013 4:52 pm

Re-enable the connection tracker in ip firewall, please.
 
w33d33
just joined
Topic Author
Posts: 15
Joined: Mon Mar 11, 2013 3:02 pm

Re: How to block all websites except one

Tue Mar 12, 2013 4:53 pm

I did already.
 
w33d33
just joined
Topic Author
Posts: 15
Joined: Mon Mar 11, 2013 3:02 pm

Re: How to block all websites except one

Tue Mar 12, 2013 5:20 pm

So? I reboot it.
 
nmaton
Frequent Visitor
Posts: 72
Joined: Fri Feb 18, 2011 12:31 am

Re: How to block all websites except one

Tue Mar 12, 2013 6:27 pm

Problem solved; it was due to an old RouterOS version.
 
w33d33
just joined
Topic Author
Posts: 15
Joined: Mon Mar 11, 2013 3:02 pm

Re: How to block all websites except one

Wed Mar 13, 2013 12:05 am

Thanks a lot.
Well supported and helped a lot.
 
w33d33
just joined
Topic Author
Posts: 15
Joined: Mon Mar 11, 2013 3:02 pm

Re: How to block all websites except one

Thu Mar 14, 2013 10:08 am

After we blocked all websites using port 80 and 443 for https sites:
I have a remote tool that uses port 80 for outgoing connections. Will I be able to use it?
If not, is there any solution? Or should I simply use another port, and which one?
 
nmaton
Frequent Visitor
Posts: 72
Joined: Fri Feb 18, 2011 12:31 am

Re: How to block all websites except one

Mon Mar 18, 2013 9:53 pm

Do you still need a solution?
 
mnasir
just joined
Posts: 23
Joined: Sun Jul 24, 2011 8:48 am

Re: How to block all websites except one

Tue Mar 19, 2013 8:16 am

Why make the thread complicated? The thread starter wants to allow one site, not redirect to all webs @ specific web, so just masquerade only with the dst address of the website.
 
nishadul
Member Candidate
Posts: 161
Joined: Thu Dec 13, 2012 12:04 pm
Location: Bangladesh

Re: How to block all websites except one

Tue Apr 09, 2013 5:16 pm

Why make the thread complicated? The thread starter wants to allow one site, not redirect to all webs @ specific web, so just masquerade only with the dst address of the website.
 
Bounnareim
just joined
Posts: 3
Joined: Fri Jan 16, 2015 5:50 pm

Re: How to block all websites except one

Tue Jan 20, 2015 8:57 am

01.jpg
 
Bounnareim
just joined
Posts: 3
Joined: Fri Jan 16, 2015 5:50 pm

Re: How to block all websites except one

Tue Jan 20, 2015 10:42 am

I have followed your guide but it is still not working, or maybe I have done it wrong, so if possible can you send me the document or video training to my email: bounnareim@gmail.com

Thanks and regards,

Bounnareim
 
asis27
just joined
Posts: 4
Joined: Wed Mar 11, 2015 11:22 am

Re: How to block all websites except one

Thu Mar 19, 2015 11:58 am

Hi! I've just followed the steps. I did it for port 80 and 433 for https, but it blocks all websites including my website (Google Maps) which I want to allow.
Any help would be appreciated.
 
susupikachu
just joined
Posts: 2
Joined: Wed Jul 06, 2016 6:08 am

Re: How to block all websites except one

Sat Jul 22, 2017 12:49 pm

Hi, I configured the router by GUI, but when I type mail.yahoo.com, it processes. I don't understand. I deny *. Please explain for me.
 
HexaPro
just joined
Posts: 4
Joined: Fri Dec 19, 2014 1:29 pm

Re: How to block all websites except one

Tue Aug 01, 2017 2:29 pm

Hi, every time I enable the Dst Host = * all smartphones get disconnected and say 'Sign in to Wi-Fi network', and they only connect for several seconds before being disconnected again. Is there a solution for that problem?
 
ZimboDude
just joined
Posts: 21
Joined: Sat Jan 09, 2016 6:03 pm

Re: How to block all websites except one

Mon Aug 21, 2017 5:40 pm

Hi there. I am trying to redirect all websites to one website, it works on http websites but not https. Please help me resolve the problem.

/interface ethernet
set [ find default-name=ether3 ] master-port=ether2
set [ find default-name=ether4 ] master-port=ether2
set [ find default-name=ether5 ] master-port=ether2
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-128-cbc
/ip pool
add name=dhcp_pool1 ranges=192.168.8.10-192.168.8.254
/ip dhcp-server
add address-pool=dhcp_pool1 authoritative=after-2sec-delay disabled=no \
interface=ether2 lease-time=3d name=dhcp1
/ip address
add address=192.168.8.1/24 interface=ether2 network=192.168.8.0
add address=192.168.1.2/24 disabled=yes interface=ether1 network=192.168.1.0
/ip dhcp-server lease
add address=192.168.8.2 client-id=1:f0:9f:c2:d0:19:d0 comment="UniFi Mesh AP" \
mac-address=F0:9F:C2:D0:19:D0 server=dhcp1
/ip dhcp-server network
add address=192.168.8.0/24 dns-server=192.168.8.1 gateway=192.168.8.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip firewall nat
add action=masquerade chain=srcnat
add action=redirect chain=dstnat dst-port=443 protocol=tcp to-ports=8080
add action=redirect chain=dstnat dst-port=80 protocol=tcp to-ports=8080
/ip proxy
set cache-path=web-proxy1 enabled=yes
/ip proxy access
add dst-host=www.bills.express
add action=deny dst-host=* redirect-to=www.bills.express
add action=deny dst-host=facebook.com redirect-to=www.bills.express
add action=deny dst-host=www.facebook.com redirect-to=www.bills.express
/ip route
add distance=1 gateway=192.168.1.1
/system clock
set time-zone-name=Africa/Harare
/system identity
set name="Bills Express"
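
The /ip proxy access list from the configuration above, modelled in Python as an added example (it is not part of the original post and is not MikroTik code). Entries are checked top to bottom and the first match decides, so it shows which entry answers a given host and which entries can never be reached; the function names and the sample host names are assumptions made for this illustration.

```python
import re

# Access list from the post above, in the order it was entered:
# (action, dst-host pattern, redirect-to or None).
ACCESS_LIST = [
    ("allow", "www.bills.express", None),
    ("deny", "*", "www.bills.express"),
    ("deny", "facebook.com", "www.bills.express"),
    ("deny", "www.facebook.com", "www.bills.express"),
]

def host_matches(pattern, host):
    """dst-host matching: the pattern must cover the whole host name.
    '*' is any run of characters, '?' is one character, and a leading
    ':' marks the rest of the pattern as a regular expression."""
    host = host.lower()
    if pattern.startswith(":"):
        return re.search(pattern[1:], host) is not None
    regex = "".join(
        ".*" if ch == "*" else "." if ch == "?" else re.escape(ch)
        for ch in pattern.lower()
    )
    return re.fullmatch(regex, host) is not None

def evaluate(access_list, host):
    """Walk the list top to bottom; the first matching entry decides.
    Returns (index, action, redirect-to), or None if nothing matches."""
    for index, (action, pattern, redirect) in enumerate(access_list):
        if host_matches(pattern, host):
            return index, action, redirect
    return None

def shadowed_rules(access_list):
    """Indexes of entries that can never fire: an earlier entry is the
    catch-all '*', or already matches this entry's literal host name."""
    shadowed = []
    for i, (_, pattern, _) in enumerate(access_list):
        literal = not pattern.startswith(":") and not set("*?") & set(pattern)
        for _, earlier, _ in access_list[:i]:
            if earlier == "*" or (literal and host_matches(earlier, pattern)):
                shadowed.append(i)
                break
    return shadowed

if __name__ == "__main__":
    # Constructed host names, not traffic captured from the router.
    for name in ("www.bills.express", "bills.express", "www.facebook.com"):
        print(name, evaluate(ACCESS_LIST, name))
    print("never reached:", shadowed_rules(ACCESS_LIST))
```

Moving the `dst-host=*` entry to the end of the list is what makes the entries after it reachable.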
 
whitbread
Member Candidate
Posts: 119
Joined: Fri Nov 08, 2013 9:55 pm

Re: How to block all websites except one

Mon Aug 21, 2017 10:21 pm

Cutting a long story short, you cannot 'redirect' https with ROS. You have to use a proxy which supports https; MikroTik doesn't...
 
ZimboDude
just joined
Posts: 21
Joined: Sat Jan 09, 2016 6:03 pm

Re: How to block all websites except one

Tue Aug 22, 2017 9:49 am

Thank you for the info! So what are my options? Can I block all https traffic and only allow my website (which is also https)? And how could I do that?
