
please help : how to block any website

Posted: Wed Jun 26, 2013 7:52 pm
by Riajul74
Can anybody please help me? I have posted many times, but no answer from anybody.

I want to make a configuration on my router RB450.
For example, I have two user groups with these IPs:
1. Normal user : 192.168.2.10-192.168.2.20
2. Admin user : 192.168.2.21-192.168.2.30
I want to block all websites except a few (yahoo.com/google.com) for Normal user : 192.168.2.10-192.168.2.20
and open all websites for Admin user : 192.168.2.21-192.168.2.30

Is it possible? Then how? Please advise.

Re: please help : how to block any website

Posted: Thu Jun 27, 2013 7:58 am
by c0d3rSh3ll
The simple way is with web proxy and address-list policy HTTP filters.

Re: please help : how to block any website

Posted: Thu Jun 27, 2013 9:28 am
by Riajul74
The simple way is with web proxy and address-list policy HTTP filters.

I got it, but I am not an advanced enough user. Can you just make a command line for those? It will be very helpful for me. Will this also block HTTPS?

I have attached my current proxy status. Please don't forget to also make clear to me what the configuration will be to enable it.

I will be grateful to you.

Re: please help : how to block any website

Posted: Thu Jun 27, 2013 2:29 pm
by ahmedramze
It's better to use the IP firewall.

Just get the IPs for google & yahoo from your ISP from the command line.
nslookup yahoo.com
nslookup google.com
yahoo
206.190.36.45
98.139.183.24
98.138.253.109

google
173.194.44.233
173.194.44.230
173.194.44.227
173.194.44.228
173.194.44.224
173.194.44.229
173.194.44.225
173.194.44.226
173.194.44.238
173.194.44.232
173.194.44.231

Then make a list of green IPs that they can access:
/ip firewall address-list add address=8.8.8.8 list=greenlist
Repeat it for all the IPs you need.

Client IP from 0-127,
admin IP from 128-254

For clients, allow masquerade only for the destination list (greenlist),
and for admin, allow masquerade for all destinations.
/ip firewall nat add action=masquerade chain=srcnat dst-address-list=greenlist src-address=192.168.1.0/25
/ip firewall nat add action=masquerade chain=srcnat src-address=192.168.1.128/25
This will make users from 192.168.1.2-126 access only IPs on the greenlist, and the rest access all internet.

By the way, this example divides a /24 subnet into two /25s; you can divide it as you require (/29, /28, /26) depending on your network.

This is the easy way. You can also use Hotspot
/ip hotspot walled-garden
to allow unauthorized users to access a website, and authorized users or MAC addresses or IPs to access the internet.
Using hotspot is better if users have the knowledge to change their IP address and use the internet.

There are too many solutions; contact me for any help.
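
Added example (not part of any post in this thread): a small Python model of the two masquerade rules above, showing which source/destination pairs they match and that, as posted for 192.168.1.0/24, they match none of the asker's 192.168.2.x addresses. The ADAPTED rule set, its range notation and the 203.0.113.10 destination are assumptions made for illustration; the match is on addresses only, so the port (HTTP or HTTPS) plays no part.

```python
import ipaddress as ip

def span(spec):
    """'a-b' range or CIDR string -> (first, last) addresses, inclusive."""
    if "-" in spec:
        lo, hi = (ip.ip_address(x) for x in spec.split("-"))
    else:
        net = ip.ip_network(spec)
        lo, hi = net[0], net[-1]
    return lo, hi

def masqueraded(rules, greenlist, src, dst):
    """Walk the srcnat rules in order; True if one would masquerade src -> dst."""
    s, d = ip.ip_address(src), ip.ip_address(dst)
    green = {ip.ip_address(a) for a in greenlist}
    for src_spec, green_only in rules:
        lo, hi = span(src_spec)
        if lo <= s <= hi and (not green_only or d in green):
            return True
    return False  # no masquerade rule matched: the packet is not source-translated

# One address per site from the nslookup output in the post, plus 8.8.8.8.
GREENLIST = ["206.190.36.45", "173.194.44.233", "8.8.8.8"]

# The two rules as posted: (src-address, limited to dst-address-list=greenlist?)
POSTED = [("192.168.1.0/25", True), ("192.168.1.128/25", False)]

# Assumption of this example: the same rules re-addressed to the asker's groups.
ADAPTED = [("192.168.2.10-192.168.2.20", True), ("192.168.2.21-192.168.2.30", False)]

OTHER = "203.0.113.10"  # constructed destination that is not on the greenlist

def report(rules):
    """Match result for a normal user, an admin and an address outside both groups."""
    cases = [("192.168.2.15", "173.194.44.233"), ("192.168.2.15", OTHER),
             ("192.168.2.25", OTHER), ("192.168.2.40", OTHER)]
    return {c: masqueraded(rules, GREENLIST, *c) for c in cases}

if __name__ == "__main__":
    for name, rules in (("posted", POSTED), ("adapted", ADAPTED)):
        for (src, dst), hit in report(rules).items():
            print(f"{name:8} {src:>13} -> {dst:<15} masquerade={hit}")
```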

Re: please help : how to block any website

Posted: Thu Jun 27, 2013 3:06 pm
by Riajul74
Thanks for showing me the way.

I am using hotspot already. All my users are using the internet via hotspot.

And I have made the hotspot login IP address lists different for admin and normal users. The same extract is below:

1. Normal user : 192.168.2.10-192.168.2.20
2. Admin user : 192.168.2.21-192.168.2.30

I liked your last comment "/ip hotspot walled-garden".

Can you please make clearer to me how to do the rule using walled-garden? It will be perfect for me then.
Thanks