Page 1 of 1

Block Sites over Lan Via winbox

Posted: Fri Oct 02, 2009 1:12 am
by speedzonenetwork
how can i block some websites (e.g www.msn.com) on Lan via winbox interface?

i searched in wiki but it gave detailed in text format.

please guide to do this.

Thanks.

Re: Block Sites over Lan Via winbox

Posted: Fri Oct 02, 2009 1:15 am
by fewi
Start a terminal session from within Winbox and paste in what you found. You'll then be able to inspect what it did via the GUI.

Re: Block Sites over Lan Via winbox

Posted: Fri Oct 02, 2009 9:39 am
by kirshteins
Terminal commands are very similar how Winbox works. For example,
/ip firewall nat
add chain=dstnat protocol=tcp dst-port=80 action=redirect to-ports=8080
In winbox is:
1)Open "Ip -> Firewall" form the menu
2)Select "NAT" tab
3)Press "+" to add rule
4)And apply these properties to this rule
chain=dstnat protocol=tcp dst-port=80 action=redirect to-ports=8080

Re: Block Sites over Lan Via winbox

Posted: Wed Oct 07, 2009 5:00 pm
by marioclep
how can i block some websites (e.g http://www.msn.com) on Lan via winbox interface?

Thanks.
Maybe you are asking for something like this. Go to IP -> Firewall -> Filter Rules and add a rule like the attach.

Re: Block Sites over Lan Via winbox

Posted: Thu Oct 08, 2009 12:57 am
by speedzonenetwork
Thanks fewi, kirshteins , marioclep.

i made the rule in Web proxy to block sites and redirect it to my Local sharing site. its working properly.

but here in same place i m unable to block some sites and i also follow ur instructions but no success.

please provide snapshots for this.

Thanks.

Re: Block Sites over Lan Via winbox

Posted: Thu Oct 08, 2009 8:45 am
by kirshteins
You might have some problems, with proxy access rule
add action=deny disabled=no dst-host=www.msn.com
not blocking sites like http://www.msn.co.uk

In this case it is suggested to use regular expression(http://en.wikipedia.org/wiki/Regular_expression) as dst-host. For example,
add action=deny disabled=no dst-host=:msn
Will block all of the following msn.com, msn.co.uk, msn.de etc.

Re: Block Sites over Lan Via winbox

Posted: Thu Oct 08, 2009 10:51 pm
by marioclep
You might have some problems, with proxy access rule
add action=deny disabled=no dst-host=www.msn.com
not blocking sites like http://www.msn.co.uk

In this case it is suggested to use regular expression(http://en.wikipedia.org/wiki/Regular_expression) as dst-host. For example,
add action=deny disabled=no dst-host=:msn
Will block all of the following msn.com, msn.co.uk, msn.de etc.
kirshteins is right, but he olny ask for certain pages. Some of them are single ones!

=)

Re: Block Sites over Lan Via winbox

Posted: Thu Oct 08, 2009 11:30 pm
by speedzonenetwork
Thanks alot.

i got what i need to do by ur instructions.

Great Supporters :)

Re: Block Sites over Lan Via winbox

Posted: Tue Dec 22, 2009 7:40 pm
by conquerer
As microclep Suggested i followed that rules.

Its Works.

Now i need to allow 2 users to access that sites which i blocked. ( Not all users can access that blocked sites).

Thanks.

Re: Block Sites over Lan Via winbox

Posted: Wed Dec 23, 2009 12:46 am
by speedzonenetwork
(how can i exclude some IPs from block rule so that few IPs can access the Sites and remaining cannot?)


i created the following rules by which all users cannot access the blocked sites.

0 chain=forward action=drop in-interface=Lan content=msn

1 chain=forward action=drop in-interface=Lan content=yahoo

2 chain=input action=drop protocol=icmp src-address=11.1.1.0/24
icmp-options=8:0-255

how can i allow some users to open the blocked Sites?

Re: Block Sites over Lan Via winbox

Posted: Wed Dec 23, 2009 10:00 am
by speedzonenetwork
Any Suggestion????

Re: Block Sites over Lan Via winbox

Posted: Wed Dec 23, 2009 4:19 pm
by speedzonenetwork
I need this solution urgently please guide to make that options.

Re: Block Sites over Lan Via winbox

Posted: Wed Dec 23, 2009 4:43 pm
by fewi
Make an address-list that contains the IPs of clients not to be dropped. Add 'src-address-list=!address-list-of-clients-not-to-be-dropped' to your drop rules.

This is extremely basic stuff. Consider attending training classes.

Re: Block Sites over Lan Via winbox

Posted: Sun Dec 27, 2009 1:41 am
by speedzonenetwork
i was unable to follow ur commands. and i tried to search in wiki but unable to find the solutions.

Thats y i m writting a post to have a suggestions of experts in winbox mode.

Hope Experts will consider my request this time.

Thanks.

Re: Block Sites over Lan Via winbox

Posted: Sun Dec 27, 2009 12:44 pm
by speedzonenetwork
Why Experts not providing the screen print of winbox to solve this issue?

Did i asked something difficult or irrelevant?

Re: Block Sites over Lan Via winbox

Posted: Sun Dec 27, 2009 7:35 pm
by fewi
Why do you need screenshots for this?

Go to the firewall section, then to the address list tab. Add entries to an address list. Go to the filter tab, find the drop rule, edit it, put the address list you made into the source address list option and click the checkmark to negate it with a '!'.