Desde el "MarketPlace" de ClearOS, busca, instala y configura "Gateway Management Community" desde la nube podrás administrar el servidor https://dashboard.contentfilter.net

I should also add blocking by source IP alone, is easy to get round as your user can just change their static IP to something else unless you have enforced restrictions on their PC (domain user rights etc)

If this is a problem, then go for the first option - add youtube.com to the content filter site list (under banned sites), then define which users can bypass the proxy

Hi Paul, it is a little difficult to acheive this using the content filter. Normally you would set up the content filter to be quite restrictive for all users, then specify individual groups or IP's which can bypass the content filter. Trying to specify a single site block for one IP is not does not appear possible with the filter groups

You can use the content filter in transparent mode without problems (just make sure it's turned on)

I would suggest you use the firewall, install the advanced firewall module and create an outgoing block for the range of IP addresses that you tube uses, and the source of your LAN IP. [note don't specify ports as their is a bug with outgoing blocks that swaps destination and source]

yum install app-firewall-advanced

You can also do it manually with iptables:-

iptables -I FORWARD -s 192.168.1.2 -d 74.125.79.0/24 -j DROP

If the above works, you can add it to /etc/rc.d/rc.firewall.local to make it permanent

Note that youtube use lots of IP's on various servers, hence why i''ve blocked the whole 74.125.79.x range

[root@starlane ~]# nslookup youtube.com

Server:         127.0.0.1

Address:        127.0.0.1#53



Non-authoritative answer:

Name:   youtube.com

Address: 74.125.67.100

Name:   youtube.com

Address: 74.125.127.100

Name:   youtube.com

Address: 74.125.45.100



Also seen connections to:-

74.125.79.118

74.125.79.133

74.125.79.113

Hope that helps

Hi Paul,

As far as I know it should not make any difference if you use transparent or non transparent mode for Filtered Groups.

Content Filter

You can configure groups of IP addresses to simplify and organize workstation access to the web. For example in an educational environment you can add all administrator/staff IP addresses to a Staff group and add them to the Exempt User IP List.

Web Proxy

In transparent mode, all web requests from the local network automatically pass through the proxy. The advantage: no configuration changes are required on the workstations. The disadvantage: secure web sites (HTTPS) can not flow through the proxy.

If you are running the proxy in non-transparent mode, then you also have to adjust your web browser's proxy server settings. The web site or IP address that you add to the ClearOS web proxy bypass list should also be added to your browser's proxy exception list.

Greetings,

John

Jhon thanks for your reply my question is if what you tell me will work on transparent proxy mode

ok though i hope tim burguess will give me a hand and thanks again for you help my friend

Hi Paul,

You can try to add a "Filter Group" in the Content Filter.
There you can specify Content Filter settings / rules for specific users / ip addresses.

Greetings,

John

Tim Burgess es uno de los gurús de Linux muy hábil por aquí y estoy seguro que va a revisar este hilo después de poco tiempo. Si pudiera ayudar a que más lo haría, pero realmente no he tenido mucha suerte con el filtro de contenido de mí mismo. Sería una mala idea que me trató de responder a sus preguntas.

thanks a lot but I used the access list line -I INPUT  -s x.x.x.x -d 74.125.127.100  -j DROP but it did not work, I dont really know what else can I do to make it work, If you know some expert who can help me, so I can get in touch with him, by the way I use transparent proxy, thanks a lot for your help

Hola Pual. Esto es bastante complicado. No estoy familiarizado con el filtro de contenido y el proxy web. Me gustaría empezar por leer la siguiente documentación. Alguien con más experiencia que voy a publicar en breve y esperamos responder a sus preguntas.

De: http://www.clearfoundation.com/docs/user_guide/clearos_enterprise_5.1/content_filter

-------------------

Hi Paul. I'm not that familiar with the content filter and web proxy. I would start by reading the following documentation. Someone with more experience than I will post shortly and hopefully answer your questions.

From: http://www.clearfoundation.com/docs/user_guide/clearos_enterprise_5.1/content_filter

I would like to deny access to a certain IP Address to an specific web page for example

192.168.1.2 should not be able to connect to you tube

so the rest of the ip address would have access to you tube

¿Habla Inglés, o conoce a alguien que lo hace? Es difícil entender exactamente lo que usted necesita ayuda, y yo sólo estoy usando Google Translate, ya que no hablan español.

¿Qué hacer IP que desea bloquear?

Así que sólo está utilizando el proxy web y no el filtro de contenido?