dst-address-list ip only

Toiletbowl · October 4, 2013, 5:25pm

hey guys

i’m struggling now youtubers in the office they using https, i did some experment to captured youtube servers ip in address list but the internal lan IP keep adding as well in the addres list. i want only the youtube server ip not include the users lan ip or there something missing in my configuration?

mangle
chain=forward src-address=0.0.0.0/0 content=youtube action=add dst to address list address-list=yotube_deny

and then i add to firewall rule to drop the dst-address-list

thanks

efaden · October 4, 2013, 5:28pm

My guess would be because your rule works both ways… … since your src-address is 0.0.0.0/0 you are going to wind up mangling both the inbound and outbound packets… thus you will get both sides ips in your list. Try setting the src-address to just your local ones… or limit it by out-interface… or something to only tag the outbound packets.

Toiletbowl · October 4, 2013, 5:39pm

efaden:

Toiletbowl:

hey guys

i’m struggling now youtubers in the office they using https, i did some experment to captured youtube servers ip in address list but the internal lan IP keep adding as well in the addres list. i want only the youtube server ip not include the users lan ip or there something missing in my configuration?

mangle
chain=forward src-address=0.0.0.0/0 content=youtube action=add dst to address list address-list=yotube_deny

and then i add to firewall rule to drop the dst-address-list

thanks

My guess would be because your rule works both ways… … since your src-address is 0.0.0.0/0 you are going to wind up mangling both the inbound and outbound packets… thus you will get both sides ips in your list. Try setting the src-address to just your local ones… or limit it by out-interface… or something to only tag the outbound packets.

Hi efaden

sorry for not cacth up the term what you mean honestly im quit newbie you mean settings the src-address only my local ex. 192.168.1.0/24 in src-address?

thanks

efaden · October 4, 2013, 6:13pm

Toiletbowl:

efaden:

Toiletbowl:

hey guys

i’m struggling now youtubers in the office they using https, i did some experment to captured youtube servers ip in address list but the internal lan IP keep adding as well in the addres list. i want only the youtube server ip not include the users lan ip or there something missing in my configuration?

mangle
chain=forward src-address=0.0.0.0/0 content=youtube action=add dst to address list address-list=yotube_deny

and then i add to firewall rule to drop the dst-address-list

thanks

My guess would be because your rule works both ways… … since your src-address is 0.0.0.0/0 you are going to wind up mangling both the inbound and outbound packets… thus you will get both sides ips in your list. Try setting the src-address to just your local ones… or limit it by out-interface… or something to only tag the outbound packets.

Hi efaden

sorry for not cacth up the term what you mean honestly im quit newbie you mean settings the src-address only my local ex. 192.168.1.0/24 in src-address?

thanks

Yes