
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 419

Block Internet Access

Greetings Experts,

I have one internet connection and I would like to restrict internet surfing and allow only one remote website of ip cameras.

What do you suggest in order to accomplish the above scenario?

Use a Web Filtering Program? (if yes do I need a 24/7 computer)
Software Firewall?
Router with built-in Firewall?

I am looking for a non-expensive solution. (Kindly post the type or manufacturer for the above software or hardware.)
2 Solutions
Some routers will allow or deny all except for a certain range of IPs (some even use keywords).

All routers vary widely, even under the same manufacturer, so check each page of your router config for this setting.

If you don't have it, the next best option is to use a secondary server (yes, you will need another computer, but it can be a 10-year-old one). Install Linux on this machine and place it between your internet connection and router.

Some fairly basic config would be required to deny all then allow (aka the IP of the HTTP server).
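
The deny-all-then-allow setup described in the answer above, as an added example that is not code from the thread: a shell function that prints an iptables ruleset forwarding traffic to a single destination only. Using iptables on the Linux box is an assumption, and the interface names (eth1, eth0), the address 203.0.113.10 and port 80 are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the thread): print an iptables-restore ruleset for
# the in-line Linux box. Interface names, 203.0.113.10 and port 80 are
# constructed placeholders; the box is assumed to already route LAN<->WAN.

# Succeed only for a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]* | *..* | .* | *.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Deny all forwarding, then allow LAN clients to one host on one TCP port.
egress_rules() {
    lan_if=$1 wan_if=$2 cam_ip=$3 port=${4:-80}
    case "$lan_if$wan_if" in
        *[!A-Za-z0-9._-]*) echo "bad interface name" >&2; return 1 ;;
    esac
    valid_ipv4 "$cam_ip" || { echo "bad camera IP: $cam_ip" >&2; return 1; }
    case "$port" in
        '' | *[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    [ "${#port}" -le 5 ] && [ "$port" -ge 1 ] && [ "$port" -le 65535 ] ||
        { echo "bad port: $port" >&2; return 1; }
    # Loading this replaces the whole filter table, INPUT/OUTPUT included.
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan_if -o $wan_if -p tcp -d $cam_ip --dport $port -j ACCEPT
-A FORWARD -i $lan_if -j REJECT --reject-with icmp-admin-prohibited
COMMIT
EOF
}

# Check first with: sh egress.sh eth1 eth0 203.0.113.10 | iptables-restore --test
if [ "$#" -ge 3 ]; then egress_rules "$@"; fi
```

With this ruleset, DNS lookups forwarded through the box are dropped as well, so clients have to reach the camera site by IP address or through a hosts-file entry.
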
How many PCs are you needing to block?  If it is just one or two, then you could probably do it with Windows software firewall on the PCs.

Another trick is to blank out the DNS server setting on each PC, then enter only the hostnames you want them to go to in c:\windows\system32\drivers\etc\hosts file.  They will not be able to resolve any names that you have not entered.

themrrobert also makes a good suggestion.  I would recommend pfsense for a pretty easy turn-key unix router distribution.  You do not need to know anything about unix/linux to set it up (config is via a nice web interface).  http://www.pfsense.org/   An old Pentium 4 type PC is all you would need for pfsense.

This is not quite what you are asking for, but still worth a look:  If you want to control web surfing by not allowing certain types of sites but allowing others, then opendns.com is a great free service that will do this with no extra hardware or software.

All routers allow an incoming firewall filter, but few have outgoing firewall filters, and most of them use keyword blocking or site address blocking, and very few of those use "block all" with an exclude list.

The best simple way is not to enable the router to be a gateway for your subnet, and to make for it a different subnet that is only recognized by the IP camera.

Oh yes, OpenDNS is a great tool

Ty evan I forgot about pfsense, I was about to pay for untangle licensing xD
Very welcome :)  

I have a 130 user company that uses OpenDNS instead of a $10,000 iPrism web filter--iPrism was our first choice but OpenDNS gives us what we need for free.

Assuming you have a standard kind of Active Directory network (where the PCs all look to your domain controllers for DNS), then all you have to do is have all the DCs look up against OpenDNS and block outbound DNS at the router except for the DCs.  Instant free web filter!  The only real limitation is you cannot have different access levels for different users as the filtering config is global to the public IP you are using, but compared to the cost of something that does have per-user control the CEO decided they could live without it.  Having said all this, I would recommend iPrism if that's what you need--I have it set up elsewhere and it works as advertised with little fuss.

On the original topic--pfsense will filter outbound traffic based on port or LAN origination IP address.  I regularly buy Cisco 3600 routers with two Fast Ethernet interfaces for $400 or less.  In this day and age, there's no good reason to be stuck with a crummy "hasbro router" that will not filter outbound traffic.  This is not a premium feature any more.  Don't quote me, but I think I recently saw a Linksys/Cisco RV 120W that would block outbound and it is only $100 and includes wireless.
mamelas (Author) commented:
Experts thank you all for your detailed replies.

My apologies but I am a little bit confused…

First of all, the above scenario applies to a house project.
I don’t have DCs, I don’t have a server and I cannot create any VLAN.

That’s why I am looking for a non-expensive solution.

Internet should be provided by a wireless router.

So any computer connected to the router (wired or wireless) should be blocked from accessing the internet and be allowed to one specific web page (provided from an exclusion list).

So what should I do?
Remove default gateway from NIC.  This will prevent surfing.
From command line enter
route add x.x.x.x y.y.y.y
x.x.x.x is the IP camera
y.y.y.y is the default gateway (router IP)
Rich Rumble (Security Samurai) commented:
Yep, that will do it, but you have to modify your DHCP server in the wifi or assign the IPs by hand (static) and turn off DHCP.
