Firewall/NAT

Hello everyone,

I'm a total novice and don't understand most of what I've read here so far. So please, be patient with me.

I was given a m0nowall 1.3b15 by my late brother to help secure our home network. Since his passing, I've not be able to figure out how to block myspace.com via this m0n0wall. Heck, I don't even know if its possible.

Basically I'd like to see if someone can give me step by step instruction on blocking myspace.com. I'd also like to be able to see if / when attempts are made to acccess myspace.com.

In addition, if possible, I'd like to monitor all website activity.

Please remember, I'm a total novice.

Thank you!
FlaDad

[myspace.com]

Hi FlaDad,

I presume that MySpace uses only own servers, not shared ones. So you can just block the IP addresses pointing to myspace.com and www.myspace.com.

Just create a rule on the LAN interface blocking the targets 63.135.80.49 and 216.178.38.116 on target port 80 (HTTP). As source define the LAN subnet with source "all".

Hope this helps.

Cheers
Karel

Just saw that MySpace uses the Akamai service. This is a server network around the world allowing load balancing. So you can't block MySpace based on just IP addresses. Usually you would need to implement a proxy server which would allow to prevent any access to e.g. MySpace.

As an easy way for you, might be setting up DNS entries for the two names (myspace.com and www.myspace.com) pointing to a fake address like 127.0.0.1. This will only work if you use the firewall as a DNS forwarder.
If you like, you can block other DNS requests via public servers.

Checkout  http://www.opendns.com/  It's a great service and it's Free!  If you go with opendns, you should block outbound DNS request (both TCP and UDP) to everything except 208.67.222.222 and 208.67.220.220 (the primary and secondary opendns servers).

CS...

Checkout  http://www.opendns.com/  It's a great service and it's Free!  If you go with opendns, you should block outbound DNS request (both TCP and UDP) to everything except 208.67.222.222 and 208.67.220.220 (the primary and secondary opendns servers).

CS...

Just confirming what CW said is in my opinion the best way.

Another way, turn on the DNS forwarder, set up a firewall rule that blocks all DNS from the LAN, then create an override for myspace.com that points to somewhere else (maybe 127.0.0.1 or for fun, another website like google.com, that would confuse them)

That way you don't need to keep track of all the IP.

Both my way and the other posted earlier have ways to get around it, but hope they won't be clever enough to do it. 

Thanks for the replies.

I don't mean to sound dumb, however I sure feel dumb.

From what I do understand from the replies, which may be very little, I can not simply block myspace.com - OK.

So, without adding another piece of software I don't understand, can someone give me step-by-step directions in dummy terms? Go to this window, click here. Now click there and enter this info... etc.