LessonsLearned
 asked on

How can I block all computers on our network from accessing Facebook?

My boss wants me to block all users from accessing Facebook.  I am running a Windows 2008-R2 Standard Server which also is running DNS Server.

I want to block Facebook regardless of which browser is used to get to that site.  

The client computers are a combination of Windows XP, Windows Vista, Windows 7 and Windows 8.

I have read various articles on experts-exchange on how Facebook can be blocked, but the one option (that is the cheapest) suggests using a DNS Server entry of "127.0.0.1 www.facebook.com".  This seems to be the easiest solution, but I don't know how to implement it.

Your help is greatly appreciated.
Windows Networking, Network Security

Last Comment
LessonsLearned

8/22/2022 - Mon
Darr247

That method can easily be bypassed by specifying their own DNS server, such as one of Google's (e.g. 8.8.8.8). It would be better to block it at your firewall appliance.

What do you have... PIX?  SonicWall? SMB?
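
The DNS entry mentioned in the question, written out as an added example (not part of the original thread and not any poster's own commands). It assumes the stock `dnscmd` tool on the Windows Server 2008 R2 DNS server, a file-backed zone, and clients that use this server as their resolver; the final lookup shows the limitation described in the reply above.

```powershell
# Added example: run from an elevated PowerShell prompt on the DNS server.
$zone = 'facebook.com'
$sink = '127.0.0.1'   # sinkhole address taken from the question

# Create a local primary zone so this server answers for the name itself
# instead of forwarding the query. For an Active Directory-integrated zone,
# replace "/Primary /file ..." with "/DsPrimary".
dnscmd . /ZoneAdd $zone /Primary /file "$zone.dns"
if ($LASTEXITCODE -ne 0) { throw "Could not create zone $zone" }

# One record for the bare domain and a wildcard for every subdomain
# (www, en-gb, and so on), so each name resolves to the sinkhole.
dnscmd . /RecordAdd $zone '@' A $sink
dnscmd . /RecordAdd $zone '*' A $sink

# Check: both names should now come back as 127.0.0.1 from this server.
nslookup www.facebook.com 127.0.0.1
nslookup en-gb.facebook.com 127.0.0.1

# Comparison: a client pointed at a public resolver still gets real addresses,
# so the DNS entry only affects machines that use this server for DNS.
nslookup www.facebook.com 8.8.8.8

# Clients that looked the name up earlier keep the old answer until their
# cache expires; "ipconfig /flushdns" on the client clears it.
```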
Imal Upalakshitha

If you are in a small environment you can do this at router level. Most routers have this option and it works great.
LessonsLearned

ASKER
I have a Motorola 3347-02 (Netopia 3000) wireless router.
SOLUTION
Imal Upalakshitha

ASKER CERTIFIED SOLUTION
Darr247

OOsorio

Usually you would have the ISP's modem/router then your firewall and then the office network. In this scenario the block would be placed at the firewall level, very easy and fast procedure. If the scenario does not include the firewall then the block would be placed at the ISP's modem/router level.
amatson78

Install a free proxy/content filter like DansGuardian with Squid, or an all-in-one open-source firewall like IPFire, which has a built-in proxy and content filter and is no cost.

Cheers, Alan
Darr247

Dan's Guardian is not free for commercial use
http://dansguardian.org/?page=pricing

Squid does not have binaries for Server 2008.
http://squid.acmeconsulting.it/

I'm still downloading IPFire, but it appears to require a dedicated computer with all traffic run through it in both directions, not unlike a firewall appliance. And during the install it formats the hard drive to install itself as the operating system.
LessonsLearned

ASKER
The software/firmware of the modem is 7.8.1R2
SOLUTION
LessonsLearned

LessonsLearned

ASKER
Router manual is attached.
Netopia-3347W-Router-Manual.pdf
LessonsLearned

ASKER
Here is a more detailed manual.  See pages 146 thru 165.  Especially take a look at page 155 (blocking an IP address).
Netopia-3347-Router---Software-V.pdf
Darr247

That appears to be an ATT-issued router, by the firmware version.
(see https://www.experts-exchange.com/questions/27598531/Netopia-3347-02-Firmware-version-7-8-1r2-PPOE.html - the manual linked in that thread is for version 7.5 firmware, the same as the one you uploaded here, which is good since that Motorola link is dead now.)

Did you try calling their customer support and asking how to set up the Filter Sets in System Configuration? Possibly they would do it for you via remote.

Otherwise, some Facebook IP addresses I came up with from DNS are
173.252.100.16
and
31.13.66.23

Block those in and out, and if you see anyone still manage to connect to Facebook, note the full URL and check the DNS of the full URL and add it as another rule in the filter. E.g. www.facebook.com might DNS to a different IP address than the en-gb.facebook.com 3rd level domain name.
LessonsLearned

ASKER
I will replace this "old" Motorola Netopia 3347W router with a new D-Link ADSL2+ router which will enable me to block Facebook by IP address or domain name.

Thanks for showing me where to look (in filter sets).
LessonsLearned

ASKER
I could not find "filter sets" in my "old" Motorola router, so I will replace the router with a new D-Link ADSL2+ router.