Page 1 of 1
Blocking Youtube
Posted: Tue Mar 13, 2007 10:27 am
by mikuni
hi friends
does anyone know how to configure for blocking youtube...
i want to make there is no one can access to youtube url...
youtube ip should be 208.65.153.251...
i hope there is someone can help me for this problem
thank you..
Posted: Tue Mar 13, 2007 10:28 am
by normis
use firewall or webproxy access lists
Posted: Tue Mar 13, 2007 10:34 am
by mikuni
is this my configure correct ?
add chain=forward src-address=208.65.153.251/24 action=drop
add chain=forward dst-address=208.65.153.251/24 action=drop
Posted: Tue Mar 13, 2007 10:35 am
by normis
you should use /32 if you need one specific IP and not a subnet
Posted: Tue Mar 13, 2007 10:38 am
by mikuni
oh my god so i have to change /24 to /32 ?
Posted: Tue Mar 13, 2007 10:46 am
by mikuni
when i use this the youtube is blocking
add chain=forward src-address=208.65.153.251/24 action=drop
add chain=forward dst-address=208.65.153.251/24 action=drop
but when i use this, it isnt blocking
add chain=forward src-address=208.65.153.251/32 action=drop
add chain=forward dst-address=208.65.153.251/32 action=drop
Posted: Tue Mar 13, 2007 10:50 am
by janisk
large websites usually have more than one IP address, please get full list you have to drop.
it seems that with /24 you are blocking all of their ip addresses, and some more, so, to be more precise use some tools to get ip addresses of youtube
Posted: Tue Mar 13, 2007 10:51 am
by normis
C:\Users\Normunds>nslookup youtube.com
Non-authoritative answer:
Name: youtube.com
Addresses: 208.65.153.253, 208.65.153.251
Posted: Tue Mar 13, 2007 10:53 am
by mikuni
but when i use this
add chain=forward src-address=208.65.153.251/24 action=drop
add chain=forward dst-address=208.65.153.251/24 action=drop
it really blocking my IE to browse youtube..
so have i to reconfigure again ?
is this the right scripts ?
by the way,normis what program u use to know the ip of youtube ?
Posted: Tue Mar 13, 2007 10:54 am
by janisk
ahh normis you again indulge to our fellow members
Posted: Tue Mar 13, 2007 10:56 am
by normis
see above, you have to block more than one IP.
also you can use webproxy to deny access to the youtube website. configure an access list if you use webproxy, here are a few ideas (they talk about caching, but access list rules are very similar)
http://forum.mikrotik.com/viewtopic.php ... ht=youtube
Posted: Tue Mar 13, 2007 11:00 am
by mikuni
well actually i want permanently block youtube ip,so there is no one buffering...but i want to block more ip like song2play.com.layartancap.com, etc but i need a prog that fast find ip
is it nslookup is a prog or is just a command in dospromt ?
Posted: Tue Mar 13, 2007 11:02 am
by mikuni
never mind, i already figure it out in dos promt
ok can help another problem ?
how to figure the local connection and international connection ?
Posted: Tue Mar 13, 2007 11:13 am
by normis
Posted: Tue Mar 13, 2007 11:25 am
by mikuni
i got problem here, how can i find my list of network belonging my ISP ?
Posted: Tue Mar 13, 2007 11:26 am
by normis
ask your ISP ...
Posted: Tue Mar 13, 2007 11:30 am
by mikuni
OMG
hehehe....is there any solution for finding my ISP list network?
LOL
Posted: Tue Mar 13, 2007 11:32 am
by normis
this list is usually public, you should ask local regulators. in baltics we have the NIC, in your country there should be a similar organization. look for the organization/government division which hands out IP spaces.
Posted: Tue Mar 13, 2007 11:34 am
by mikuni
well im in indonesia....
urrrgggghhh my english really bad,so im not really get it what u mean..
Posted: Tue Mar 13, 2007 11:51 am
by normis
Posted: Wed Mar 14, 2007 4:39 am
by squintr
Make it easier for yourself and don't block each individual IP address -- block the subnet
eg. to block youtube put the block on 208.65.153.0/24 or 208.65.0.0/16 or 208.0.0.0/8 (although I don't recommend blocking with /8 as you will be blocking a lot of IP addresses)
Posted: Thu Mar 15, 2007 4:37 am
by mikuni
well i already blocking the subnet like this
208.65.153.0/24
and it work fine...
hmm...can i ask another question...
well as we know youtube is a website that buffering data(video clip) from their server...
so that i want to ask is can we limit it buffering bandwith with winbox...
i mean only limiting buffering on youtube...? not block it
Posted: Thu Mar 15, 2007 9:04 am
by normis
make a queue for this subnet
Posted: Fri Mar 16, 2007 3:08 pm
by mikuni
just making a queue ? are u sure about that ?
well i just to try it first...later i will tell u the result...
Posted: Fri Mar 16, 2007 3:21 pm
by mikuni
i already this but there is no bandwith flowing here...am i doing wrong?
normis can u give an example...and i dont use web-proxy...
queue simple> add name=YouTube target-addresses=208.65.153.0/
32 interface=ether1
Posted: Fri Mar 16, 2007 3:23 pm
by normis
subnet is wrong, use somthing like /24
Posted: Fri Mar 16, 2007 4:20 pm
by mikuni
but i dont see any connection in my queue...even i use /24
can u just give me example
the ip of youtube = 208.65.153.251
please help me ok...i really hate youtube when sucking my all bandwith when buffering the video clip..
Posted: Fri Apr 13, 2007 11:47 pm
by kunimihiro
try this on unix machine :
>host youtube.com
youtube.com has address 208.65.153.251
youtube.com has address 208.65.153.253
youtube.com mail is handled by 10 sjl-mbox1.sjl.youtube.com
and then try this in MT :
/ip firewall filter
add chain=forward dst-address=208.65.153.251/32 action=drop comment="" disabled=no
add chain=forward dst-address=208.65.153.253/32 action=drop comment="" disabled=no
no need to add chain with src-address
hope this help
Posted: Mon Apr 16, 2007 1:45 pm
by tgrand
/ip firewall filter
add chain=forward dst-address=208.65.153.248/29 action=drop comment="" disabled=no
Should cover all youtube addresses.