Solved

Blocking specified websites through Cisco IOS on ADSL router

Posted on 2007-12-05
4
2,721 Views
Last Modified: 2008-02-01
Hi,

One of our clients has the problem of it's staff spending a lot of time on MySpace, Facebook etc.

They don't have any content filtering, pretty much an open gateway to the net through a Cisco 857 ADSL Router.

I've done a fair bit of research trying to get the router to block traffic to those particular sites.

I began trying to block the sites by name, but for whatever reason, I can't resolve external host names, even though I have DNS servers listed - it doesn't seem to query the DNS servers.

That's fine though... in the short term, I just want to block these sites any way I can.

I'm no ACL expert, but I tried the below:

=================
interface Dialer0
 ...
 ip access-group block-web out
 ...

ip access-list extended block-web
 remark Block specified websites
 remark SDM_ACL Category=1
 permit tcp any any
 deny   tcp any eq www 216.178.38.0 0.0.0.255 eq www
=================

The 216.178.38.0 network is the one the MySpace servers appear to be on.

When I apply this though, ALL web access blocked. I've tried swapping the permit & deny lines around too with no joy. There is no other ACL on outbound traffic.

Any ideas on what I'm doing wrong?

Ultimately, the DNS approach would be best, but for whatever reason, that doesn't seem to be happening...

Thanks in advance!
0
Comment
Question by:slamit
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 
LVL 28

Accepted Solution

by:
batry_boy earned 500 total points
ID: 20417070
Try making the access list look like the following:

ip access-list extended block-web
 remark Block specified websites
 remark SDM_ACL Category=1
 deny   tcp any 216.178.38.0 0.0.0.255 eq www
 permit ip any any

See if that helps...
0
 
LVL 28

Expert Comment

by:batry_boy
ID: 20417074
BTW, you won't be able to use the DNS method on a router because the router cannot reference an FQDN as part of an access list statement...it's a bummer, I know, because I would love to be able to do this and have tried myself.
0
 

Author Comment

by:slamit
ID: 20417092
Awesome, thanks so much!! :)
0
 
LVL 28

Expert Comment

by:batry_boy
ID: 20417135
You're welcome!
0

Featured Post

Webinar June 1st - Attacking Ransomware  

The global cyberattack that corrupted hundreds of thousands of computer systems on May 12th had a face, name, & price tag that we’ve seen all too often in recent years: Ransomware. With the stakes – and costs – of a ransomware attack higher than ever, is your business prepared ?

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Concerto Cloud Services, a provider of fully managed private, public and hybrid cloud solutions, announced today it was named to the 20 Coolest Cloud Infrastructure Vendors Of The 2017 Cloud  (http://www.concertocloud.com/about/in-the-news/2017/02/0…
When speed and performance are vital to revenue, companies must have complete confidence in their cloud environment.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question