[ previous ] [ next ] [ threads ]
 
 From:  Lee Sharp <leesharp at hal dash pc dot org>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] How to block a certain website with m0n0wall?
 Date:  Fri, 09 Oct 2009 00:16:11 -0500
GD Incorporation wrote:
> Dear Lee
> 
> I did like what you wrote below. I went to whois.com and find info on
> facebook.com domain and found that they used 4 dns servers. I was thinking
> to block the DNS servers thinking that all access that goes through that
> server will be rejected. But you are right if the DNS Servers are hosted to
> important business oriented servers such as GoDaddy, then it will be
> trouble. 
> 
> I hope m0n0wall have a feature to block a certain domain all at once.
> 
> Now the next question, since the m0n0wall does not seem to be able to block
> one whole domain, if I put a real web portal such as dansguardian to filter
> what websites can be accessed, shoud I put it between ADSL modem and
> Firewall or should I put it behind firewall?

You are missing the point.  You are trying to keep people out of a strip 
club by hiding the phone book.  And badly as well.  The client PC does a 
DNS request to m0n0wall, as that is the DNS server for the client PC. 
Assuming you do not have www.facebook.com locally, m0n0wall will do a 
request to the ISP DNS server.  They in turn will look at an 
authoritative name server, and eventually that will look at the facebook 
server.  But the client PC only ever looks to m0n0wall for name resolution.

What you need to block are IP addresses.  If you ping facebook.com you 
will get something close to 69.63.184.142, which was different from the 
last time I pinged it.  If you do an 'nslookup 69.63.184.142' you will 
see it is www-10-03-ash1.facebook.com, or part of a cluster.  If you do 
a 'whois 69.63.184.142' you get;


OrgName:    Facebook, Inc.
OrgID:      THEFA-3
Address:    156 University Ave, 3rd floor
City:       Palo Alto
StateProv:  CA
PostalCode: 94301
Country:    US

NetRange:   69.63.176.0 - 69.63.191.255
CIDR:       69.63.176.0/20
OriginAS:   AS32934
NetName:    TFBNET2
NetHandle:  NET-69-63-176-0-1
Parent:     NET-69-0-0-0-0
NetType:    Direct Assignment
NameServer: DNS04.SF2P.TFBNW.NET
NameServer: DNS05.SF2P.TFBNW.NET


The important part is the CIDR whis is the netblock for all of facebook. 
  Blocking 69.63.176.0/20 will block facebook right now.  It will not 
block them if they move, and it may block other stuff for some.  If you 
do that with my company website you get;

OrgName:    GoDaddy.com, Inc.
OrgID:      GODAD
Address:    14455 N Hayden Road
Address:    Suite 226
City:       Scottsdale
StateProv:  AZ
PostalCode: 85260
Country:    US

NetRange:   72.167.0.0 - 72.167.255.255
CIDR:       72.167.0.0/16
OriginAS:   AS26496
NetName:    GO-DADDY-SOFTWARE-INC
NetHandle:  NET-72-167-0-0-1
Parent:     NET-72-0-0-0-0
NetType:    Direct Allocation
NameServer: CNS1.SECURESERVER.NET
NameServer: CNS2.SECURESERVER.NET
NameServer: CNS3.SECURESERVER.NET


I do not work for GoDaddy.

So, yes you can do this quick and dirty in m0n0wall.  To do it right, 
you need a web filter of some kind.

			Lee