How do I block net access to all but one site?

[Evil-I]

Hi all,

I've got to put some machines in an exhiition space connecting via broadband to a clients website. The only problem is that I need to make sure that the users can't go wandering off browsing elsewhere.

I've been playing with Zona alarm the software firewall I use and that looks as if the expert rules section should be capable of what I'm asking yet after an hour or two of fiddling I'm not doing too well at sorting it out.

Can anyone suggest how i might do the above, either using zone alarm or by any other method I'd be most grateful!

Thanks in advance.

E-I

P.S. I did consider trying to run the site locally but the complexity of the site would mean at least a weeks work to make it capable of running from the hard drive onsite.

 

[TriedandTested]

Couldnt you just use Opera and put it on full screen? Might be enough..and easy to do!

 

[Evil-I]

good thought, thanks for that, I'll use that as backup, but they can possibly bugger up stuff by right clicking and it would be really bad if it failed!

Any other thoughts much appreciated.

Someone here suggested net nanny so i'll check that out as well.

Thanks again,

E-I

 

[Deleted member 58846]

how about running an internal dns. point your workstations to your inside dns but dont put no recuring dns inside the dns server so that means the only place that can get out is to that site if pointed correctly.

I think this works as ive done this before to block specific sites. pointed the domain to an internal web server saying restricted site works a treat. good luck

 

[csmager]

how about running an internal dns. point your workstations to your inside dns but dont put no recuring dns inside the dns server so that means the only place that can get out is to that site if pointed correctly.

I think this works as ive done this before to block specific sites. pointed the domain to an internal web server saying restricted site works a treat. good luck

How about one simpler. Don't use any DNS. Just add a single entry into the hosts file to point the domain name to the relavent IP.

 

[Sone]

how about running an internal dns. point your workstations to your inside dns but dont put no recuring dns inside the dns server so that means the only place that can get out is to that site if pointed correctly.

I think this works as ive done this before to block specific sites. pointed the domain to an internal web server saying restricted site works a treat. good luck

only problem you have is they could type in the ip address?

 

[csmager]

only problem you have is they could type in the ip address?

It's on an exhibition stand. I'm sure you wont get that many people who are so desperate to go on the internet that they memorise the IPs of various websites. Plus a lot of sites are on shared hosting, so the IP is actually of no use without the domain name in the host header.

 

[Hades]

Some routers should be able to do exactly what you want. I'm fairly sure the Draytek Vigor series can do this.

Or, if you don't want to buy hardware then could you consider using Linux. The firewalling is quite sofisticated and can allow blacklists or whitelists of websites.