Hola estoy usando ClearOS pero no se como bloquear el contenido de una ip
por ejemplo a una ip 192.168.X.X quiero que no ingrese a youtube pero pongo el acl pero sigue entrando alguien me puede ayudar
por ejemplo a una ip 192.168.X.X quiero que no ingrese a youtube pero pongo el acl pero sigue entrando alguien me puede ayudar
Share this post:
Responses (12)
-
Accepted Answer
Desde el "MarketPlace" de ClearOS, busca, instala y configura "Gateway Management Community" desde la nube podrás administrar el servidor https://dashboard.contentfilter.net -
Accepted Answer
I should also add blocking by source IP alone, is easy to get round as your user can just change their static IP to something else unless you have enforced restrictions on their PC (domain user rights etc)
If this is a problem, then go for the first option - add youtube.com to the content filter site list (under banned sites), then define which users can bypass the proxy -
Accepted Answer
Hi Paul, it is a little difficult to acheive this using the content filter. Normally you would set up the content filter to be quite restrictive for all users, then specify individual groups or IP's which can bypass the content filter. Trying to specify a single site block for one IP is not does not appear possible with the filter groups
You can use the content filter in transparent mode without problems (just make sure it's turned on)
I would suggest you use the firewall, install the advanced firewall module and create an outgoing block for the range of IP addresses that you tube uses, and the source of your LAN IP. [note don't specify ports as their is a bug with outgoing blocks that swaps destination and source]
yum install app-firewall-advanced
You can also do it manually with iptables:-
iptables -I FORWARD -s 192.168.1.2 -d 74.125.79.0/24 -j DROP
If the above works, you can add it to /etc/rc.d/rc.firewall.local to make it permanent
Note that youtube use lots of IP's on various servers, hence why i''ve blocked the whole 74.125.79.x range
[root@starlane ~]# nslookup youtube.com
Server: 127.0.0.1
Address: 127.0.0.1#53
Non-authoritative answer:
Name: youtube.com
Address: 74.125.67.100
Name: youtube.com
Address: 74.125.127.100
Name: youtube.com
Address: 74.125.45.100
Also seen connections to:-
74.125.79.118
74.125.79.133
74.125.79.113
Hope that helps -
Accepted Answer
Hi Paul,
As far as I know it should not make any difference if you use transparent or non transparent mode for Filtered Groups.
Content Filter
You can configure groups of IP addresses to simplify and organize workstation access to the web. For example in an educational environment you can add all administrator/staff IP addresses to a Staff group and add them to the Exempt User IP List.
Web Proxy
In transparent mode, all web requests from the local network automatically pass through the proxy. The advantage: no configuration changes are required on the workstations. The disadvantage: secure web sites (HTTPS) can not flow through the proxy.
If you are running the proxy in non-transparent mode, then you also have to adjust your web browser's proxy server settings. The web site or IP address that you add to the ClearOS web proxy bypass list should also be added to your browser's proxy exception list.
Greetings,
John -
Accepted Answer
-
Accepted Answer
-
Accepted Answer
-
Accepted Answer
Tim Burgess es uno de los gurús de Linux muy hábil por aquí y estoy seguro que va a revisar este hilo después de poco tiempo. Si pudiera ayudar a que más lo haría, pero realmente no he tenido mucha suerte con el filtro de contenido de mí mismo. Sería una mala idea que me trató de responder a sus preguntas. -
Accepted Answer
thanks a lot but I used the access list line -I INPUT -s x.x.x.x -d 74.125.127.100 -j DROP but it did not work, I dont really know what else can I do to make it work, If you know some expert who can help me, so I can get in touch with him, by the way I use transparent proxy, thanks a lot for your help -
Accepted Answer
Hola Pual. Esto es bastante complicado. No estoy familiarizado con el filtro de contenido y el proxy web. Me gustaría empezar por leer la siguiente documentación. Alguien con más experiencia que voy a publicar en breve y esperamos responder a sus preguntas.
De: http://www.clearfoundation.com/docs/user_guide/clearos_enterprise_5.1/content_filter
-------------------
Hi Paul. I'm not that familiar with the content filter and web proxy. I would start by reading the following documentation. Someone with more experience than I will post shortly and hopefully answer your questions.
From: http://www.clearfoundation.com/docs/user_guide/clearos_enterprise_5.1/content_filter -
Accepted Answer
-
Accepted Answer
Please login to post a reply
You will need to be logged in to be able to post a reply. Login using the form on the right or register an account if you are new here.
Register Here »