[ previous ] [ next ] [ threads ]
 
 From:  "GD Incorporation" <rbasuki at gdincorporation dot com>
 To:  "'Lee Sharp'" <leesharp at hal dash pc dot org>
 Cc:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] How to block a certain website with m0n0wall?
 Date:  Fri, 9 Oct 2009 13:30:37 +0700
By the way Lee

How did you get the whois info below? Through whois.com or other methods?

Thanks
Rendra 

-----Original Message-----
From: Lee Sharp [mailto:leesharp at hal dash pc dot org] 
Sent: Friday, October 09, 2009 12:16 PM
To: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] How to block a certain website with m0n0wall?

GD Incorporation wrote:
> Dear Lee
> 
> I did like what you wrote below. I went to whois.com and find info on 
> facebook.com domain and found that they used 4 dns servers. I was 
> thinking to block the DNS servers thinking that all access that goes 
> through that server will be rejected. But you are right if the DNS 
> Servers are hosted to important business oriented servers such as 
> GoDaddy, then it will be trouble.
> 
> I hope m0n0wall have a feature to block a certain domain all at once.
> 
> Now the next question, since the m0n0wall does not seem to be able to 
> block one whole domain, if I put a real web portal such as 
> dansguardian to filter what websites can be accessed, shoud I put it 
> between ADSL modem and Firewall or should I put it behind firewall?

You are missing the point.  You are trying to keep people out of a strip
club by hiding the phone book.  And badly as well.  The client PC does a DNS
request to m0n0wall, as that is the DNS server for the client PC. 
Assuming you do not have www.facebook.com locally, m0n0wall will do a
request to the ISP DNS server.  They in turn will look at an authoritative
name server, and eventually that will look at the facebook server.  But the
client PC only ever looks to m0n0wall for name resolution.

What you need to block are IP addresses.  If you ping facebook.com you will
get something close to 69.63.184.142, which was different from the last time
I pinged it.  If you do an 'nslookup 69.63.184.142' you will see it is
www-10-03-ash1.facebook.com, or part of a cluster.  If you do a 'whois
69.63.184.142' you get;


OrgName:    Facebook, Inc.
OrgID:      THEFA-3
Address:    156 University Ave, 3rd floor
City:       Palo Alto
StateProv:  CA
PostalCode: 94301
Country:    US

NetRange:   69.63.176.0 - 69.63.191.255
CIDR:       69.63.176.0/20
OriginAS:   AS32934
NetName:    TFBNET2
NetHandle:  NET-69-63-176-0-1
Parent:     NET-69-0-0-0-0
NetType:    Direct Assignment
NameServer: DNS04.SF2P.TFBNW.NET
NameServer: DNS05.SF2P.TFBNW.NET


The important part is the CIDR whis is the netblock for all of facebook. 
  Blocking 69.63.176.0/20 will block facebook right now.  It will not block
them if they move, and it may block other stuff for some.  If you do that
with my company website you get;

OrgName:    GoDaddy.com, Inc.
OrgID:      GODAD
Address:    14455 N Hayden Road
Address:    Suite 226
City:       Scottsdale
StateProv:  AZ
PostalCode: 85260
Country:    US

NetRange:   72.167.0.0 - 72.167.255.255
CIDR:       72.167.0.0/16
OriginAS:   AS26496
NetName:    GO-DADDY-SOFTWARE-INC
NetHandle:  NET-72-167-0-0-1
Parent:     NET-72-0-0-0-0
NetType:    Direct Allocation
NameServer: CNS1.SECURESERVER.NET
NameServer: CNS2.SECURESERVER.NET
NameServer: CNS3.SECURESERVER.NET


I do not work for GoDaddy.

So, yes you can do this quick and dirty in m0n0wall.  To do it right, you
need a web filter of some kind.

			Lee

---------------------------------------------------------------------
To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch