
How to block all websites except one

Posted: Mon Mar 11, 2013 9:34 pm
by w33d33
Hey
I want to know how to block all websites except one.
And I want to leave any outgoing port Open.

Thanks

Re: How to block all websites except one

Posted: Mon Mar 11, 2013 10:06 pm
by nmaton
You can set up ip web proxy and allow only the website you wanna pass there and deny all other sites.
Only http traffic will be denied.


Enable dst-nat for your nat


/ip firewall nat
add action=redirect chain=dstnat dst-port=80 in-interface=****** protocol=tcp \
!to-addresses to-ports=8080

/ip proxy
set enabled=yes
/ip proxy access
add dst-host=www.hostyouwannaallow.*
add action=deny dst-host=*

Re: How to block all websites except one

Posted: Mon Mar 11, 2013 10:16 pm
by w33d33
You can set up ip web proxy and allow only the website you wanna pass there and deny all other sites.
Only http traffic will be denied.


Enable dst-nat for your nat


/ip firewall nat
add action=redirect chain=dstnat dst-port=80 in-interface=****** protocol=tcp \
!to-addresses to-ports=8080

/ip proxy
set enabled=yes
/ip proxy access
add dst-host=www.hostyouwannaallow.*
add action=deny dst-host=*
I didn't get it actually. I just bought my Mikrotik.
So I enable dst-nat, then I press firewall/nat
add action=redirect chain=dstnat dst-port=80 in-interface=****** protocol=tcp \
!to-addresses to-ports=8080 (what do the stars mean? and what is the \! ?)

and finally
add dst-host=www.hostyouwannaallow.*
add action=deny dst-host=*
What should I replace the star with?

Thank you

Re: How to block all websites except one

Posted: Mon Mar 11, 2013 11:23 pm
by nmaton
I didn't get it actually. I just bought my Mikrotik.
So I enable dst-nat, then I press firewall/nat
add action=redirect chain=dstnat dst-port=80 in-interface=****** protocol=tcp \
!to-addresses to-ports=8080 (what do the stars mean? and what is the \! ?)

and finally
add dst-host=www.hostyouwannaallow.*
add action=deny dst-host=*
What should I replace the star with?



In the dst-nat in-interface you choose your in-interface, for example ether1 or your in-interface. The \ sign means that the command continues on the next line.

/ip proxy access
add dst-host=www.hostyouwannaallow.com
add action=deny dst-host=*


In the deny dst-host=* you leave that * as it's a wildcard.

Re: How to block all websites except one

Posted: Tue Mar 12, 2013 12:18 pm
by w33d33
mikrotik routerboard 750
I'm using these methods but all sites are blocked, including hotmail.com


dst-host=www.hotmail.com action=allow

and the last rule will be

action=deny (in the access list.
/ip proxy access)


the second method:

/ip proxy
add action=deny dst-host=!*funlb.net src-address=192.168.0.0/24


Is there any method that works 100%? (to open 1 site only)

Re: How to block all websites except one

Posted: Tue Mar 12, 2013 1:04 pm
by nmaton
I see you have opened another thread??

The way it works is this:


You put this as first line in the firewalling when the in-interface is the interface where your packets arrive .. if wireless put wlan there, if your PC or PCs are connected to ether1 you put ether1 there!

/ip firewall nat
add action=redirect chain=dstnat dst-port=80 in-interface=****** protocol=tcp \
!to-addresses to-ports=8080

/ip proxy
set enabled=yes
/ip proxy access
add action=allow dst-host=www.hotmail.com
add action=deny dst-host=*



To do it in the gui =


ip -> firewall -> nat -> +sign

GENERAL
chain: dstnat
protocol: 6 tcp
dst.port 80
in.interface = put your input interface here !

ACTION
action : redirect
to ports: 8080

Press ok.
Drag this rule to the first place.

Then go to ip -> web proxy

GENERAL
enable it
port : 8080

press button ACCESS

+ DST host : www.hotmail.com
action : allow
OK

+ DST host: *
action : deny

Re: How to block all websites except one

Posted: Tue Mar 12, 2013 1:23 pm
by w33d33
I see you have opened another thread??

The way it works is this:


You put this as first line in the firewalling when the in-interface is the interface where your packets arrive .. if wireless put wlan there, if your PC or PCs are connected to ether1 you put ether1 there!

/ip firewall nat
add action=redirect chain=dstnat dst-port=80 in-interface=****** protocol=tcp \
!to-addresses to-ports=8080

/ip proxy
set enabled=yes
/ip proxy access
add action=allow dst-host=www.hotmail.com
add action=deny dst-host=*



To do it in the gui =


ip -> firewall -> nat -> +sign

GENERAL
chain: dstnat
protocol: 6 tcp
dst.port 80
in.interface = put your input interface here !

ACTION
action : redirect
to ports: 8080

Press ok.
Drag this rule to the first place.

Then go to ip -> web proxy

GENERAL
enable it
port : 8080

press button ACCESS

+ DST host : http://www.hotmail.com
action : allow
OK

+ DST host: *
action : deny
Sorry about that. It won't happen again.
I tried it all step by step and it didn't work.
Please can you connect to my PC by TeamViewer?
I would really appreciate it.

332 307 427
7484

Re: How to block all websites except one

Posted: Tue Mar 12, 2013 4:30 pm
by w33d33
332 307 427

pass:7651

Re: How to block all websites except one

Posted: Tue Mar 12, 2013 4:49 pm
by w33d33
Still the same.... reconnect

Re: How to block all websites except one

Posted: Tue Mar 12, 2013 4:52 pm
by nmaton
Still the same.... reconnect
Re-enable the connection tracker in ip firewall .. please

Re: How to block all websites except one

Posted: Tue Mar 12, 2013 4:53 pm
by w33d33
Still the same.... reconnect
Re-enable the connection tracker in ip firewall .. please
I did already.

Re: How to block all websites except one

Posted: Tue Mar 12, 2013 5:20 pm
by w33d33
So? I rebooted it.

Re: How to block all websites except one

Posted: Tue Mar 12, 2013 6:27 pm
by nmaton
Problem solved; it was due to an old RouterOS version.

Re: How to block all websites except one

Posted: Wed Mar 13, 2013 12:05 am
by w33d33
Problem solved; it was due to an old RouterOS version.
Thanks a lot.
Well supported and helped a lot.

Re: How to block all websites except one

Posted: Thu Mar 14, 2013 10:08 am
by w33d33
After we blocked all websites using port 80 and 443 for https sites.
I have a remote tool that uses port 80 for outgoing connections. Will I be able to use it??
If not, any solution? Or should I simply use another port, and which one?

Re: How to block all websites except one

Posted: Mon Mar 18, 2013 9:53 pm
by nmaton
Do you still need a solution?

Re: How to block all websites except one

Posted: Tue Mar 19, 2013 8:16 am
by mnasir
Why make the thread complicated? Thread starter wants to allow one site, not redirect to all webs @ specific web, so just only masquerade with dst address of website.

Re: How to block all websites except one

Posted: Tue Apr 09, 2013 5:16 pm
by nishadul
Why make the thread complicated? Thread starter wants to allow one site, not redirect to all webs @ specific web, so just only masquerade with dst address of website.

Re: How to block all websites except one

Posted: Tue Jan 20, 2015 8:57 am
by Bounnareim
01.jpg

Re: How to block all websites except one

Posted: Tue Jan 20, 2015 10:42 am
by Bounnareim
I have been following your guide but it is still not working, or maybe I have done it wrong, so if possible can you send me the document or video training to my email: bounnareim@gmail.com

Thanks and Regards,

Bounnareim

Re: How to block all websites except one

Posted: Thu Mar 19, 2015 11:58 am
by asis27
I see you have opened another thread??

The way it works is this:


You put this as first line in the firewalling when the in-interface is the interface where your blacklisted_site arrive .. if wireless put wlan there, if your PC or PCs are connected to ether1 you put ether1 there!

/ip firewall nat
add action=redirect chain=dstnat dst-port=80 in-interface=****** protocol=tcp \
!to-addresses to-ports=8080

/ip proxy
set enabled=yes
/ip proxy access
add action=allow dst-host=www.hotmail.com
add action=deny dst-host=*



To do it in the gui =


ip -> firewall -> nat -> +sign

GENERAL
chain: dstnat
protocol: 6 tcp
dst.port 80
in.interface = put your input interface here !

ACTION
action : redirect
to ports: 8080

Press ok.
Drag this rule to the first place.

Then go to ip -> web proxy

GENERAL
enable it
port : 8080

press button ACCESS

+ DST host : http://www.hotmail.com
action : allow
OK

+ DST host: *
action : deny
Hi! I've just followed the steps. I did it for port 80 and 433 for https, but it blocks all websites including my website (google maps) which I want to allow.
Any help would be appreciated.

Re: How to block all websites except one

Posted: Sat Jul 22, 2017 12:49 pm
by susupikachu
I see you have opened another thread??

The way it works is this:


You put this as first line in the firewalling when the in-interface is the interface where your packets arrive .. if wireless put wlan there, if your PC or PCs are connected to ether1 you put ether1 there!

/ip firewall nat
add action=redirect chain=dstnat dst-port=80 in-interface=****** protocol=tcp \
!to-addresses to-ports=8080

/ip proxy
set enabled=yes
/ip proxy access
add action=allow dst-host=www.hotmail.com
add action=deny dst-host=*



To do it in the gui =


ip -> firewall -> nat -> +sign

GENERAL
chain: dstnat
protocol: 6 tcp
dst.port 80
in.interface = put your input interface here !

ACTION
action : redirect
to ports: 8080

Press ok.
Drag this rule to the first place.

Then go to ip -> web proxy

GENERAL
enable it
port : 8080

press button ACCESS

+ DST host : http://www.hotmail.com
action : allow
OK

+ DST host: *
action : deny
Hi, I'm configuring the router by GUI but when I type mail.yahoo.com, it processes. I don't understand. I deny *. Please explain for me.

Re: How to block all websites except one

Posted: Tue Aug 01, 2017 2:29 pm
by HexaPro
Hi, every time I enable the Dst Host = * all smartphones would be disconnected and say 'Sign in to Wi-Fi network' and they only connect for several seconds before being disconnected again. Is there a solution for that problem?

Re: How to block all websites except one

Posted: Mon Aug 21, 2017 5:40 pm
by ZimboDude
Hi there. I am trying to redirect all websites to one website, it works on http websites but not https. Please help me resolve the problem.

/interface ethernet
set [ find default-name=ether3 ] master-port=ether2
set [ find default-name=ether4 ] master-port=ether2
set [ find default-name=ether5 ] master-port=ether2
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-128-cbc
/ip pool
add name=dhcp_pool1 ranges=192.168.8.10-192.168.8.254
/ip dhcp-server
add address-pool=dhcp_pool1 authoritative=after-2sec-delay disabled=no \
interface=ether2 lease-time=3d name=dhcp1
/ip address
add address=192.168.8.1/24 interface=ether2 network=192.168.8.0
add address=192.168.1.2/24 disabled=yes interface=ether1 network=192.168.1.0
/ip dhcp-server lease
add address=192.168.8.2 client-id=1:f0:9f:c2:d0:19:d0 comment="UniFi Mesh AP" \
mac-address=F0:9F:C2:D0:19:D0 server=dhcp1
/ip dhcp-server network
add address=192.168.8.0/24 dns-server=192.168.8.1 gateway=192.168.8.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip firewall nat
add action=masquerade chain=srcnat
add action=redirect chain=dstnat dst-port=443 protocol=tcp to-ports=8080
add action=redirect chain=dstnat dst-port=80 protocol=tcp to-ports=8080
/ip proxy
set cache-path=web-proxy1 enabled=yes
/ip proxy access
add dst-host=www.bills.express
add action=deny dst-host=* redirect-to=www.bills.express
add action=deny dst-host=facebook.com redirect-to=www.bills.express
add action=deny dst-host=www.facebook.com redirect-to=www.bills.express
/ip route
add distance=1 gateway=192.168.1.1
/system clock
set time-zone-name=Africa/Harare
/system identity
set name="Bills Express"

Re: How to block all websites except one

Posted: Mon Aug 21, 2017 10:21 pm
by whitbread
Cutting a long story short, you cannot 'redirect' https with ROS. You have to use a proxy which supports https; Mikrotik doesn't...
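
The access-list behaviour discussed in this thread, modelled as an added Python example (not code from any poster and not RouterOS itself). It assumes top-to-bottom, first-match evaluation with glob-style dst-host patterns and a default of allow, and shows why a TLS connection redirected to an HTTP-only proxy gives the proxy no hostname to match; all sample bytes are constructed.

```python
from fnmatch import fnmatchcase

# Rules in the order given in the thread: one allow entry, then deny *.
ACCESS_LIST = [("allow", "www.hotmail.com"), ("deny", "*")]

# Constructed first bytes of three client connections.
HTTP_HOTMAIL = b"GET / HTTP/1.1\r\nHost: www.hotmail.com\r\n\r\n"
HTTP_YAHOO = b"GET / HTTP/1.1\r\nHost: mail.yahoo.com:80\r\n\r\n"
TLS_HELLO = b"\x16\x03\x01\x00\x05\x01\x00\x00\x01\x00"  # start of a TLS handshake record


def extract_host(first_bytes):
    """Return the Host header of a plain HTTP request, or None."""
    if first_bytes[:1] == b"\x16":
        # TLS handshake record: no request line or Host header in cleartext.
        return None
    head = first_bytes.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    for line in head.split("\r\n")[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "host":
            return value.strip().split(":")[0].lower()
    return None


def decide(host, rules):
    """Walk the list top to bottom; the first matching rule decides."""
    for action, pattern in rules:
        if fnmatchcase(host, pattern.lower()):
            return action
    return "allow"  # assumed default when nothing matches


def proxy_verdict(first_bytes, rules=ACCESS_LIST):
    host = extract_host(first_bytes)
    if host is None:
        return "unparseable"  # what an HTTP-only proxy sees on redirected 443
    return decide(host, rules)


if __name__ == "__main__":
    for name, data in [("hotmail", HTTP_HOTMAIL), ("yahoo", HTTP_YAHOO), ("tls", TLS_HELLO)]:
        print(name, proxy_verdict(data))
    # Same rules with deny * first: the allow entry is never reached.
    print("reordered", proxy_verdict(HTTP_HOTMAIL, list(reversed(ACCESS_LIST))))
```
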

Re: How to block all websites except one

Posted: Tue Aug 22, 2017 9:49 am
by ZimboDude
Thank you for the info! So what are my options? Can I block all https traffic and only allow my website (which is also https)? And how could I do that?