Possible to block all websites except for a few?

Discussion in 'Tomato Firmware' started by ghurty, Apr 15, 2010.

  1. ghurty

    ghurty Networkin' Nut Member

    Is it possible to block all website access except for a few? And have those few accessible only with a password?

  2. ghurty

    ghurty Networkin' Nut Member

  3. rhester72

    rhester72 Network Guru Member

    Probably not with a router-based solution - they don't deal well with L7 problems, which this is. You'll probably want to set up some sort of proxy server on a dedicated machine and find a way to force that proxy to be used by all clients - non-trivial in a Windows environment, all-but-impossible on Mac/Linux.

  4. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    Actually, with just two iptables entries on the router, all traffic can be transparently forwarded to a proxy - regardless of the OS of the clients (since they have no idea it's going on).
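
The two-rule redirect described in the post above, sketched as an added example (not code from the thread or from Tomato). The interface `br0`, the LAN `192.168.1.0/24`, the proxy host `192.168.1.2` and port `3128` are assumed values; the script only prints the rules so they can be reviewed before being run on the router.

```shell
#!/bin/sh
# Added example: print the two nat-table rules for transparent HTTP interception.
# Constructed values (not from the thread): br0, 192.168.1.0/24, 192.168.1.2, 3128.

# Succeed only for a dotted quad whose octets are all in 0-255.
valid_ip() {
  case $1 in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
}

# Usage: proxy_rules LAN_IF LAN_CIDR PROXY_IP PROXY_PORT
# Every argument is validated, because the output is meant to be run as root.
proxy_rules() {
  lan_if=$1; lan_net=$2; proxy_ip=$3; proxy_port=$4
  case $lan_if in ''|*[!A-Za-z0-9_.-]*) echo "bad interface" >&2; return 1 ;; esac
  case ${lan_net#*/} in ''|*[!0-9]*) echo "bad LAN prefix" >&2; return 1 ;; esac
  valid_ip "${lan_net%/*}" && [ "${lan_net#*/}" -le 32 ] ||
    { echo "bad LAN network" >&2; return 1; }
  valid_ip "$proxy_ip" || { echo "bad proxy address" >&2; return 1; }
  case $proxy_port in ''|*[!0-9]*) echo "bad port" >&2; return 1 ;; esac
  [ "$proxy_port" -ge 1 ] && [ "$proxy_port" -le 65535 ] ||
    { echo "bad port" >&2; return 1; }

  # Rule 1: rewrite LAN web requests (TCP/80) to the proxy. Skipped: the proxy's
  # own outbound requests (they would loop) and LAN destinations such as the
  # router's admin page. Older iptables builds spell negation "-s ! ADDR".
  echo "iptables -t nat -A PREROUTING -i $lan_if ! -s $proxy_ip ! -d $lan_net" \
       "-p tcp --dport 80 -j DNAT --to-destination $proxy_ip:$proxy_port"

  # Rule 2, the extra NAT: masquerade the redirected flows so the proxy replies
  # through the router instead of straight to the client, whose TCP stack would
  # reject the unexpected source. Cost: the proxy logs only the router's address.
  echo "iptables -t nat -A POSTROUTING -o $lan_if -s $lan_net -d $proxy_ip" \
       "-p tcp --dport $proxy_port -j MASQUERADE"
}

# Print the rules for the constructed values; review them before piping to sh.
proxy_rules br0 192.168.1.0/24 192.168.1.2 3128
```

Only port 80 is covered, so HTTPS is untouched by these rules. A browser that is intercepted this way does not know a proxy is involved, so it will not answer a proxy-authentication challenge on this path.
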
  5. Azuse

    Azuse LI Guru Member

    Wth. It's called a white-list, it's present on a lot of consumer routers since they finally realised a few years back that blacklisting the internet was an impossible task.

    You could probably script your own whitelist in Tomato; why it doesn't have it by default is odd, but password-wise a proxy would be the way to go.

    L7 and impossible mac/linux proxy :rolleyes:
  6. rhester72

    rhester72 Network Guru Member

    SgtPepper: I honestly didn't think of that, my bad - it's an extra NAT but a pretty clean solution in this case.

    Azuse: Whitelisting is trivial, password blocking whitelisted sites less so - that was the whole point I was trying to make.

  7. Porter

    Porter LI Guru Member

    Disabling packet forwarding is a rather trivial job. And if ghurty's users shouldn't be allowed to even check their mail it's even less complicated. The only problem would be to have a proxy. So far nobody posted anything about any projects. I just found a lightweight proxy solution called tinyproxy. Maybe that's something even Tomato can run - and hopefully your hardware router...
  8. rhester72

    rhester72 Network Guru Member

    I don't think tinyproxy supports password-based authentication. I was thinking srelay would be a good choice to map the outbounds _if_ no password was required; the password requirement definitely makes it a lot more difficult. (It wasn't clear from the request whether we're talking per-user passwords with full authentication or just a generic same-for-everybody password, but that also makes a huge difference.)
