blocking websites

[sathish]

Hello,

I am using RedHat 9.0, We are having 50 clients in the office.  I have done masquerade to share the net from Linux server to windows clients.

I want to block all websites except 2 to 3 websites we use.

Ex : google.com, altavista.com and alltheweb.com.

In the clients  side. I want to access only the above said websites. And remaining all websites to be blocked.  Is it possible.. If yes,  please give me the steps to be followed.  :?:
Thank you,
Sathish.

[Ricky]

It depends upon wht are u currently using ??

If you are using squid then you can easily block them !! also iptables can be used !! so wht are u using rt now ?

[sathish]

Hi Ricky,

We are using for searching for a Medicines names. As we are related for a Medical company. I want to block through iptables.

[LS-Admin]

Go for squid .. it is better for this type of jobs..  or filtering..

[Ricky]

Well i can tell you how to block a specific site..

Code: [Select]

iptables -A FORWARD -d domain.com -j DROP

[marcus01]

Hi Guy's

i got the same promblem i really want to block all the sites and accepts only the others that i like!

can please someone here help me? im using iptables coz im having problem on configurong squid! thanks in advance!

[marcus01]

i created a script the will call a txt file contains the ip address of the site that i only want to access. but im getting some some problems like

1. when i access some site it gaves me 403 error but some of it i can accesss!
2. i can only type ip address to access the site if i type the url of the site i cant access is!

can please some one help me on this???

here is the script that i made:

#!/bin/sh

# Disable forwarding
echo 0 > /proc/sys/net/ipv4/ip_forward

GOODIP=/etc/rc.d/goodlist.txt
LAN_IP_NET='192.168.1.0/24'
LAN_NIC='eth1'
WAN_IP='xxx.xxx.xxx.xxx'
WAN_NIC='eth0'

# Flush
iptables -t nat -F POSTROUTING
iptables -t nat -F PREROUTING
iptables -t nat -F OUTPUT
iptables -F

iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

iptables -A INPUT -s 0/0 -d 0/0 -j ACCEPT
iptables -A OUTPUT -s 0/0 -d 0/0 -j ACCEPT
iptables -A FORWARD -s 0/0 -d 0/0 -j ACCEPT

# enable Masquerade and forwarding
iptables -t nat -A POSTROUTING -s $LAN_IP_NET -j MASQUERADE
iptables -t nat -A POSTROUTING -s $WAN_IP -j MASQUERADE
iptables -A FORWARD -j ACCEPT -i $LAN_NIC -s $LAN_IP_NET
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT


echo "Blocking all unwanted IP's                              [ OK ]"

iptables -I FORWARD -s 0/0 -d 0/0 -j DROP

iptables -I FORWARD -p udp -s 0/0 -d 0/0 --dport 53 -j ACCEPT
iptables -I FORWARD -p tcp -s 0/0 -d 0/0 --dport 80 -j ACCEPT
iptables -I FORWARD -p tcp -s 0/0 -d 0/0 --dport 22 -j ACCEPT
iptables -I FORWARD -p tcp -s 0/0 -d 0/0 --dprot 25 -j ACCEPT
iptables -I FORWARD -p tcp -s 0/0 -d 0/0 --dport 20 -j ACCEPT
iptables -I FORWARD -p tcp -s 0/0 -d 0/0 --dport 21 -j ACCEPT


echo "Allowing Good IP's                                      [ OK ]"

for x in `grep -v ^# $GOODIP | awk '{print $1}'`; do

echo "Permitting $x             [ OK ]"

iptables -I FORWARD -s $x -j ACCEPT
done

# STATE RELATED for router
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Enable forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward

[salvesatish]

Have you checked SafeSquid?

SafeSquid is Contenet filtering Internet Proxy.
SafeSquid helps you to achieve more productivity.

I am just mentioning few features of SafeSquid.

*STOP Getting lured by fraudulent web-links to visit pornographic sites,
*BLOCK Advertisement pop-ups that drive you crazy,
*PREVENT Employees wasting business-hours and resources on needless downloads,
*PREVENT Computers getting infected with viruses / Trojan by a visit to innocent looking web-sites

You can visit the site www.safesquid.com & also their support forum at www.safesquid.com/forum