Block Internet Access

Posted on 2011-10-03
Last Modified: 2012-05-12
Greetings Experts,

I have one internet connection and I would like to restrict internet surfing and allow only one remote website of ip cameras.

What do you suggest in order to accomplish the above scenario?

Use a Web Filtering Program? (if yes do I need a 24/7 computer)
Software Firewall?
Router with built-in Firewall?

I am looking for a non-expensive solution. (kindly post type or manufacture for the above software or hardware)
Question by:mamelas
    LVL 13

    Expert Comment

    Some routers will allow or deny all except for a certain range of ips (some even use keywords)

    all routers vary widely, even under the same manufacturer so check each page of your router config for this setting.

    If you don't have it, the next best option is to use a 2ndary server (yes you will need another computer, but it can be a 10yr old one) Install linux on this machine and place it between your internet connection and router.

    Some fairly basic config would be required to deny all then allow (aka the ip of the the http server)
    LVL 6

    Expert Comment

    How many PCs are you needing to block?  If it is just one ot two, then you could probably do it with Windows software firewall on the PCs.

    Another trick is to blank out the DNS server setting on each PC, then enter only the hostnames you want them to go to in c:\windows\system32\drivers\etc\hosts file.  They will not be able to resolve any names that you have not entered.

    themrrobert also makes a good suggestion.  I would recommend pfsense for a pretty easy turn-key unix router distrobution.  You do not need to know anything about unix/linux to set it up (config is via a nice web interface).   An old Pentium 4 type PC is all you would need for pfsense.

    This is not quite what you are asking for, but still worth a look:  If you want to control web surfing by the not allowing certain types of sites but allowing others, then is a great free service that will do this with no extra hardware or software.
    LVL 12

    Expert Comment

    All routers allows incoming firewall filter, but few do have outgoing firewall filters, and most of them uses keyword blocking, or site address blocking, and very few of those uses "block all" with exclude list,

    the best simple way is not to enable the router to be a  gateway for your subnet, and make for it a different subnet that only recognized by the IP camera
    LVL 13

    Expert Comment

    Oh yes, OpenDNS is a great tool

    Ty evan I forgot about pfsense, I was about to pay for untangle licensing xD
    LVL 6

    Expert Comment

    Very welcome :)  

    I have a 130 user company that uses OpenDNS instead of a $10,000 iPrism web filter--iPrism was our first choice but OpenDNS gives us what we need for free.

    Assuming you have a standard kind of Active Directory network (where the PCs all look to your domain controllers for DNS), then all you have to do is have all the DCs lookup against Open DNS and block outbound DNS at the router except for the DCs.  Instant free web filter!  The only real limitation is you cannot have different access levels for different users as the filtering config is global to the public IP you are using, but compared to the cost of something that does have per-user control the CEO decided they could live without it.  Having said all this, I would recommend iPrism if that's what you need--I have it setup elsewhere and it works as advertised with little fuss.

    On the original topic--pfsense will filter outbound traffic based on port or LAN origination IP address.  I regularly buy Cisco 3600 routers with two fast ethernet interfaces for $400 or less.  In this day and age, there's no good reason to be stuck with a crumby "hasbro router" that will not filter outbound traffic.  This is not a premium feature any more.  Don't quote me, but I think I recently saw a Linksys/Cisco RV 120W that would block outbound and it is only $100 and includes wireless,

    Author Comment

    Experts thank you all for your detailed replies.

    My apologies but I am a little bit confused…

    First of all the above scenario is applicable for House Project.
    I don’t have DC’s, I don’t have Server and I cannot create any VLAN.

     That’s why I am looking  for a non-expensive solution.

    Internet should be provided by a wireless router.

    So any computer connected to the router (Wired or Wireless) should be blocked to access internet  and be allowed to one specific web-page (provided from an exclusion list).

    So what should I do?
    LVL 20

    Accepted Solution

    Remove default gateway from NIC.  This will prevent surfing.
    From command line enter
    Route add x.x.x.x y.y.y.y
    X.x.x.x is ip camera
    Y.y.y.y is default gateway (router ip)
    LVL 38

    Assisted Solution

    by:Rich Rumble
    Yep, that will do it, but you have to modify your DHCP server in the wifi or assign the IP's by hand (static) and turn off DHCP.

    Featured Post

    Threat Intelligence Starter Resources

    Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

    Join & Write a Comment

    SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
    Container Orchestration platforms empower organizations to scale their apps at an exceptional rate. This is the reason numerous innovation-driven companies are moving apps to an appropriated datacenter wide platform that empowers them to scale at a …
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…

    746 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    14 Experts available now in Live!

    Get 1:1 Help Now