Community discussions

MikroTik App
 
speedzonenetwork
Member Candidate
Member Candidate
Topic Author
Posts: 110
Joined: Mon Aug 03, 2009 8:14 pm

Block Sites over Lan Via winbox

Fri Oct 02, 2009 1:12 am

how can i block some websites (e.g www.msn.com) on Lan via winbox interface?

i searched in wiki but it gave detailed in text format.

please guide to do this.

Thanks.
 
fewi
Forum Guru
Forum Guru
Posts: 7734
Joined: Tue Aug 11, 2009 3:19 am

Re: Block Sites over Lan Via winbox

Fri Oct 02, 2009 1:15 am

Start a terminal session from within Winbox and paste in what you found. You'll then be able to inspect what it did via the GUI.
Specific answers require specific questions. When in doubt, post the output of "/ip address print detail", "/ip route print detail", "/interface print detail", "/ip firewall export", and an accurate network diagram.
 
kirshteins
MikroTik Support
MikroTik Support
Posts: 592
Joined: Tue Dec 02, 2008 10:55 am

Re: Block Sites over Lan Via winbox

Fri Oct 02, 2009 9:39 am

Terminal commands are very similar how Winbox works. For example,
/ip firewall nat
add chain=dstnat protocol=tcp dst-port=80 action=redirect to-ports=8080
In winbox is:
1)Open "Ip -> Firewall" form the menu
2)Select "NAT" tab
3)Press "+" to add rule
4)And apply these properties to this rule
chain=dstnat protocol=tcp dst-port=80 action=redirect to-ports=8080
 
User avatar
marioclep
Trainer
Trainer
Posts: 140
Joined: Sat Jul 11, 2009 4:36 pm
Location: Cordoba - Argentina
Contact:

Re: Block Sites over Lan Via winbox

Wed Oct 07, 2009 5:00 pm

how can i block some websites (e.g http://www.msn.com) on Lan via winbox interface?

Thanks.
Maybe you are asking for something like this. Go to IP -> Firewall -> Filter Rules and add a rule like the attach.
You do not have the required permissions to view the files attached to this post.
---------------------

Ing. Mario D. Clep
CTO - MKE Solutions
MikroTik Certified Trainer
 
speedzonenetwork
Member Candidate
Member Candidate
Topic Author
Posts: 110
Joined: Mon Aug 03, 2009 8:14 pm

Re: Block Sites over Lan Via winbox

Thu Oct 08, 2009 12:57 am

Thanks fewi, kirshteins , marioclep.

i made the rule in Web proxy to block sites and redirect it to my Local sharing site. its working properly.

but here in same place i m unable to block some sites and i also follow ur instructions but no success.

please provide snapshots for this.

Thanks.
 
kirshteins
MikroTik Support
MikroTik Support
Posts: 592
Joined: Tue Dec 02, 2008 10:55 am

Re: Block Sites over Lan Via winbox

Thu Oct 08, 2009 8:45 am

You might have some problems, with proxy access rule
add action=deny disabled=no dst-host=www.msn.com
not blocking sites like http://www.msn.co.uk

In this case it is suggested to use regular expression(http://en.wikipedia.org/wiki/Regular_expression) as dst-host. For example,
add action=deny disabled=no dst-host=:msn
Will block all of the following msn.com, msn.co.uk, msn.de etc.
 
User avatar
marioclep
Trainer
Trainer
Posts: 140
Joined: Sat Jul 11, 2009 4:36 pm
Location: Cordoba - Argentina
Contact:

Re: Block Sites over Lan Via winbox

Thu Oct 08, 2009 10:51 pm

You might have some problems, with proxy access rule
add action=deny disabled=no dst-host=www.msn.com
not blocking sites like http://www.msn.co.uk

In this case it is suggested to use regular expression(http://en.wikipedia.org/wiki/Regular_expression) as dst-host. For example,
add action=deny disabled=no dst-host=:msn
Will block all of the following msn.com, msn.co.uk, msn.de etc.
kirshteins is right, but he olny ask for certain pages. Some of them are single ones!

=)
---------------------

Ing. Mario D. Clep
CTO - MKE Solutions
MikroTik Certified Trainer
 
speedzonenetwork
Member Candidate
Member Candidate
Topic Author
Posts: 110
Joined: Mon Aug 03, 2009 8:14 pm

Re: Block Sites over Lan Via winbox

Thu Oct 08, 2009 11:30 pm

Thanks alot.

i got what i need to do by ur instructions.

Great Supporters :)
 
conquerer
Frequent Visitor
Frequent Visitor
Posts: 74
Joined: Tue Dec 22, 2009 7:31 pm

Re: Block Sites over Lan Via winbox

Tue Dec 22, 2009 7:40 pm

As microclep Suggested i followed that rules.

Its Works.

Now i need to allow 2 users to access that sites which i blocked. ( Not all users can access that blocked sites).

Thanks.
 
speedzonenetwork
Member Candidate
Member Candidate
Topic Author
Posts: 110
Joined: Mon Aug 03, 2009 8:14 pm

Re: Block Sites over Lan Via winbox

Wed Dec 23, 2009 12:46 am

(how can i exclude some IPs from block rule so that few IPs can access the Sites and remaining cannot?)


i created the following rules by which all users cannot access the blocked sites.

0 chain=forward action=drop in-interface=Lan content=msn

1 chain=forward action=drop in-interface=Lan content=yahoo

2 chain=input action=drop protocol=icmp src-address=11.1.1.0/24
icmp-options=8:0-255

how can i allow some users to open the blocked Sites?
 
speedzonenetwork
Member Candidate
Member Candidate
Topic Author
Posts: 110
Joined: Mon Aug 03, 2009 8:14 pm

Re: Block Sites over Lan Via winbox

Wed Dec 23, 2009 10:00 am

Any Suggestion????
 
speedzonenetwork
Member Candidate
Member Candidate
Topic Author
Posts: 110
Joined: Mon Aug 03, 2009 8:14 pm

Re: Block Sites over Lan Via winbox

Wed Dec 23, 2009 4:19 pm

I need this solution urgently please guide to make that options.
 
fewi
Forum Guru
Forum Guru
Posts: 7734
Joined: Tue Aug 11, 2009 3:19 am

Re: Block Sites over Lan Via winbox

Wed Dec 23, 2009 4:43 pm

Make an address-list that contains the IPs of clients not to be dropped. Add 'src-address-list=!address-list-of-clients-not-to-be-dropped' to your drop rules.

This is extremely basic stuff. Consider attending training classes.
 
speedzonenetwork
Member Candidate
Member Candidate
Topic Author
Posts: 110
Joined: Mon Aug 03, 2009 8:14 pm

Re: Block Sites over Lan Via winbox

Sun Dec 27, 2009 1:41 am

i was unable to follow ur commands. and i tried to search in wiki but unable to find the solutions.

Thats y i m writting a post to have a suggestions of experts in winbox mode.

Hope Experts will consider my request this time.

Thanks.
 
speedzonenetwork
Member Candidate
Member Candidate
Topic Author
Posts: 110
Joined: Mon Aug 03, 2009 8:14 pm

Re: Block Sites over Lan Via winbox

Sun Dec 27, 2009 12:44 pm

Why Experts not providing the screen print of winbox to solve this issue?

Did i asked something difficult or irrelevant?
 
fewi
Forum Guru
Forum Guru
Posts: 7734
Joined: Tue Aug 11, 2009 3:19 am

Re: Block Sites over Lan Via winbox

Sun Dec 27, 2009 7:35 pm

Why do you need screenshots for this?

Go to the firewall section, then to the address list tab. Add entries to an address list. Go to the filter tab, find the drop rule, edit it, put the address list you made into the source address list option and click the checkmark to negate it with a '!'.

Who is online

Users browsing this forum: anav, creatin, DarkNate, darxx, SiB and 38 guests