slamit
asked on
Blocking specified websites through Cisco IOS on ADSL router
Hi,
One of our clients has the problem of its staff spending a lot of time on MySpace, Facebook etc.
They don't have any content filtering, pretty much an open gateway to the net through a Cisco 857 ADSL Router.
I've done a fair bit of research trying to get the router to block traffic to those particular sites.
I began trying to block the sites by name, but for whatever reason, I can't resolve external host names, even though I have DNS servers listed - it doesn't seem to query the DNS servers.
That's fine though... in the short term, I just want to block these sites any way I can.
I'm no ACL expert, but I tried the below:
=================
interface Dialer0
...
ip access-group block-web out
...
ip access-list extended block-web
remark Block specified websites
remark SDM_ACL Category=1
permit tcp any any
deny tcp any eq www 216.178.38.0 0.0.0.255 eq www
=================
The 216.178.38.0 network is the one the MySpace servers appear to be on.
When I apply this though, ALL web access is blocked. I've tried swapping the permit & deny lines around too with no joy. There is no other ACL on outbound traffic.
Any ideas on what I'm doing wrong?
Ultimately, the DNS approach would be best, but for whatever reason, that doesn't seem to be happening...
Thanks in advance!
ASKER CERTIFIED SOLUTION
BTW, you won't be able to use the DNS method on a router because the router cannot reference an FQDN as part of an access list statement...it's a bummer, I know, because I would love to be able to do this and have tried myself.
ASKER
Awesome, thanks so much!! :)
You're welcome!
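Added example (not part of the original thread): a simplified Python model of how IOS evaluates an extended ACL, top-down with the first match winning and an implicit deny at the end, run over the `block-web` list from the question, the swapped order the asker also tried, and a constructed alternative. The sample packets, the `FIXED` list and all function names are assumptions made for illustration.

```python
import ipaddress

# Entry layout: (action, protocol, source port, destination network, destination port).
# None means "any". POSTED is the ACL from the question; FIXED is a constructed alternative.
POSTED = [
    ("permit", "tcp", None, "0.0.0.0/0", None),      # permit tcp any any
    ("deny",   "tcp", 80,   "216.178.38.0/24", 80),  # deny tcp any eq www 216.178.38.0 0.0.0.255 eq www
]
SWAPPED = [POSTED[1], POSTED[0]]                     # the same two lines in the other order
FIXED = [
    ("deny",   "tcp", None, "216.178.38.0/24", 80),  # deny tcp any 216.178.38.0 0.0.0.255 eq www
    ("permit", "ip",  None, "0.0.0.0/0", None),      # permit ip any any
]

def evaluate(acl, proto, src_port, dst_ip, dst_port):
    """Return the action of the first entry that matches the packet."""
    dst = ipaddress.ip_address(dst_ip)
    for action, e_proto, e_sport, e_net, e_dport in acl:
        if e_proto not in ("ip", proto):
            continue
        if e_sport is not None and e_sport != src_port:
            continue
        if dst not in ipaddress.ip_network(e_net):
            continue
        if e_dport is not None and e_dport != dst_port:
            continue
        return action
    return "deny"  # implicit "deny ip any any" that ends every ACL

# Constructed sample packets leaving Dialer0: (protocol, source port, destination, destination port).
PACKETS = {
    "dns lookup":      ("udp", 53001, "198.51.100.53", 53),
    "http to blocked": ("tcp", 49152, "216.178.38.10", 80),
    "http elsewhere":  ("tcp", 49153, "203.0.113.20", 80),
}

def results(acl):
    """Map each sample packet name to the ACL's verdict."""
    return {name: evaluate(acl, *pkt) for name, pkt in PACKETS.items()}

if __name__ == "__main__":
    for label, acl in (("posted", POSTED), ("swapped", SWAPPED), ("fixed", FIXED)):
        print(label, results(acl))
```

In this model neither order of the posted list ever denies the browser's connection, because clients use an ephemeral source port rather than `www`, while anything that is not TCP falls through to the implicit deny.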