How can I block certain websites on a LAN during the day?

TheBigCheese

TheBigCheese

TheBigCheese

Soldato
Joined
6 Sep 2005
Posts
3,781
Hi guys

I hope this is the right forum for this, seemed like the logical solution!

I want to block a couple of websites during the work day, mainly Facebook and Imgur.

I have LAN (basic Windows 7 setup) with several machines connected to a switch and then to a router which is an Asus RT-N66U.

I've looked at the options in the router for filtering keywords and URLs in the firewall option but it didn't seem to really work.

It seemed to block my machine (the pages looked like they timed out) but it didn't affect the other machines on the network!

Also I would like something that will block at say 09:00 and unblock at 18:00 each day without manual intervention from me.

Is that something that's possible? Is it possible in the router or will it be software based that I need?

I'm using the latest Asus firmware in the router, I'm aware there are modified versions of the firmware out there but I don't really want to use them in case it invalidates the warranty (and I'm not sure how to do it!).

Thanks very much, I hope someone can offer some ideas.


Cheers!
 
Keyword filtering on the n66u can't block via https so won't block facebook reliably. (URL filtering will but is a bit flakey with stock firmware and also non flexible).

AFAIK theres no flexible way to do it on the n66u without a 3rd party firmware.
 
Last edited:
Thanks for the quick reply!

Hmmm, that's not the best news...from what you're saying, does third party firmware do what I want then?

If so, (despite what I said in the OP)...what do you suggest I should look at?
 
THanks very much for the posts guys, I'll freely admit I'm rather a novice with anything network related so I'm easily confused with this stuff.

Rroff said:
You'd probably want something DD-WRT based (heres the page on access restrictions with DD-WRT http://www.dd-wrt.com/wiki/index.php/Access_Restrictions ).

TBH Not got a huge amount of experience with DD-WRT as I've just used the Merlin FW on mine (doesn't have the extra features just stability/performance stuff).
Click to expand...

Looking at the pages, it does sound rather complicatated to do and easy to put the wrong thing on, does it do what I want it to do?


GodAtum said:
i use software called Untangle. its free and excellent.

http://www.untangle.com/store/lite-package.html
Click to expand...

This sounds handy and free is my favourite word! I'm a bit confused how it works though...do I install it on my machine, the target machines, all of them?

I was reading through the pages and came across something which worried me a bit:

Can I install Web Filter/Web Filter Lite on a single computer to use as Parental Control software?
No - Untangle is designed to operate as a gateway or transparent bridge for an entire network and is not meant to filter the computer it is installed on. Installing Untangle will wipe out all existing data on the PC it is installed to. For filtering a single PC, other Internet filter/Parental Control software can be used.
Click to expand...

From here

Does that actually mean it would wipe the PC if I try to install the software? That sounds a bit extreme...that can't be right...can it?
 
"Untangle installs to the hard drive of a PC, erasing all data on that drive in the process. Please be aware of this before starting the installation. Also note that Untangle requires at least two NICs to be installed before you start the installation."

Sounds a bit extreme - looks like the PC its running on has to be setup as the gateway for all internet traffic on the network to. (I'm assuming it only wipes and dedicates for its purpose a single drive but still).

DD-WRT would do everything you wanted in a single package and is pretty easy to setup once its flashed - the hard/possibly slightly risky part is flashing it onto the router.
 
Last edited:
Why don't you use something like OpenDNS? I've recommended this to tons of parents for parental controls, nowadays ISP routers come with Parental Controls but for the ones that don't this works a treat. Yes it has it's downsides. However the beauty of it is it's more useful than those parental control programs they put onto PC's because it works for phones/tablets etc.
 
Rroff said:
DD-WRT would do everything you wanted in a single package and is pretty easy to setup once its flashed - the hard/possibly slightly risky part is flashing it onto the router.
Click to expand...

Hyburnate said:
Why don't you use something like OpenDNS? Yes it has it's downsides. However the beauty of it is it's more useful than those parental control programs they put onto PC's because it works for phones/tablets etc.
Click to expand...


Thanks for the replies again guys, I think we're narrowing it down...it looks like it could be flashing the router.

What exactly is involved in that Rroff? I've upgraded the firmware in it before, but that's as easy as clicking a button in the software and letting it do the rest...not exactly hard like upgrading used to be!

What sort of process is involved in adding this new software onto it?

Also, say the router goes wrong while it's still under warranty, would I be able to flash it back to the proper firmware before sending it back (assuming it hasn't died completely?).



Hyburnate - what are the downsides to OpenDNS? I did look at it but I have to say I didn't understand a lot about it. I have to change the router settings to route the data through somewhere don't I? Where is that somewhere going and what are the implications for privacy and security?



Thanks all. :)
 
With OpenDNS it doesn't route the traffic through something else it just changes where your devices are looking up the hostname for a site before loading it - allowing you to effectively blackhole traffic by not returning a valid lookup. Its a bit of an all or nothing approach though.

Flashing non-official and non merlin FWs on the n66u is a bit involved (one of the reasons I've stuck with the Merlin FW as it loads straight in like the official ones).

http://www.dd-wrt.com/wiki/index.php/Asus_RT-N66U

As you can see its not really for the faint of heart :S though theres a reasonable chance of "unbricking" it via a recovery utility.
 
Not sure if open DNS do scheduling, might be best to check also ensure that the person that is going to be using it doesn't know how to change from using your OpenDNS servers to public DNS servers like google DNS for instance.

Failing that, I am using a netgear DG834GT at home as a wireless access point, pretty sure this does keyword/domain blocking on a schedule basis with DGTeam firmware
 
For Untangle, I installed it on a server in a VM which all traffic is routed through. Therefore it is very hard to get around the security rules. Very handy as I can block porn, Facebook etc.
 
As mentioned above, Untangle is excellent for small businesses etc but it needs a server/VM to run it on really - which doesn't sound like you have.
This sounds like a home environment, if you have access to each computer could you not just install K9 Web Protection on them? That does scheduling iirc.
 
You must log in or register to reply here.
Back
Top Bottom