What home class cable/dsl routers have IP blocking feature?

I am looking at Netgear, SMC, 3COM, and others for IP blocking features. I am trying to block my home computers from accessing a certain internet IP or IP range and want to block certain internet IPs from accessing my home network.

I've read all the descriptions of the various routers but they are vague as to whether they have this function or not. If you already own one that does what I seek, please post a reply. TIA.

Reply to
bitstream

in message , wrote bitstream ...

I am using SMC 7004ABR (4-port router). It sure does the blocking w/ a mighty flaw. It does not send any kind of response to the user agent, e.g. a web browser, that the particular IP address is unreachable. It just sends the traffic to the blocked IP address to la la land, causing the user agent to wait, and wait, and wait some more.

Otherwise, I have no problems whatsoever.

- parv

Reply to
parv

My Smoothwall (with DansGuardian installed) performs IP Blocking with perfect reliability. It is very easy to configure the lists for blocked IPs and even for blocked file extensions. In addition, Smoothwall DOES send a message to the user's GUI telling them that a site has been blocked and why. Pretty good for a $20 recycled PC running FREE software.

Let the Smoothie bashing begin!

Jeff

Reply to
Jeffrey Alsip

You look at the router's user manual that is online at the website for the router's FW like capabilities and their functionality. Netgear and Zyxel may have routers that may do what you need and maybe Linksys. There are others and you'll have to look at the manuals.

You could also look at a low-end FW appliance like WatchGuard Firebox III SOHO 6 or X5 series that can do what you're asking or other low-end FW appliances.

Whatever you get make sure the router can do logging so that you can use a logviewer like WallWatcher so you can review the logs and see traffic in and outbound to/from the router or FW appliance.

Duane :)

Reply to
Duane Arnold

FYI, Netgear can't do IP blocking. It does site/domain blocking. This doesn't help when you are trying to block out a teenage cable/dsl user's repeated attempts at hacking into your network.

Reply to
Boll Weevil

FYI, Soho 6 only does "Blocked Sites List". Can't do IP blocking.

Reply to
Boll Weevil

Boll Weevil wrote in news: snipped-for-privacy@4ax.com:

Why don't you try opening a WG SOHO 6 User Manual, because I can certainly do what that OP is requesting with my SOHO 6 by making *Custom Service* rules to block a single or multiple IP(s) inbound or outbound in addition to using the *Blocked Sites* list.

I can make rules to block a Network IP, Host IP or Host IP Range and that's inbound or outbound by TCP, UDP, protocol number and range of ports from 1-65535 as the range.

I can even fine granulate it by setting a rule that I don't want 192.168.111.4 using TCP port 80 to access 70.85.49.100 which will block the ip/machine from accessing that site outbound but allow the machine to access other sites using TCP 80 outbound.

The WG is a FW appliance and is NOT a NAT router.

However, I also looked at the user manual for one of those high-end Netgear NAT routers and one can make those rules it looked like to me.

FYI, the *Blocked Sites List* is by IP Host, Host Range, or Network IP. Duane :)

Reply to
Duane Arnold
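
The per-host rule Duane describes and the silent-drop behaviour parv reports, modelled as an added example (not code from any poster or from a router vendor). The rule fields, the first-match evaluation order, the 192.168.111.0/24 home network and the 203.0.113.0/24 remote range are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    action: str                # "allow", "drop" (silent) or "reject" (error sent back)
    src: str                   # source host or network, CIDR form
    dst: str                   # destination host or network, CIDR form
    proto: str = "any"         # "tcp", "udp" or "any"
    ports: tuple = (1, 65535)  # inclusive destination port range

    def matches(self, src, dst, proto, port):
        return (ipaddress.ip_address(src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(self.dst)
                and self.proto in ("any", proto)
                and self.ports[0] <= port <= self.ports[1])


def decide(rules, src, dst, proto, port, default="allow"):
    """First matching rule wins; unmatched traffic gets the default action."""
    for rule in rules:
        if rule.matches(src, dst, proto, port):
            return rule.action
    return default


def client_sees(action):
    """What the user agent experiences for each firewall action."""
    return {
        "allow": "connection proceeds",
        "drop": "no reply, client waits for its own timeout",
        "reject": "immediate error (TCP RST or ICMP unreachable)",
    }[action]


# Constructed rule sets. 192.168.111.4 and 70.85.49.100 are the addresses used
# in the thread; 203.0.113.0/24 is a documentation range standing in for an
# unwanted remote network.
OUTBOUND = [Rule("reject", "192.168.111.4/32", "70.85.49.100/32", "tcp", (80, 80))]
INBOUND = [Rule("drop", "203.0.113.0/24", "192.168.111.0/24")]

if __name__ == "__main__":
    for dst in ("70.85.49.100", "70.85.49.101"):
        verdict = decide(OUTBOUND, "192.168.111.4", dst, "tcp", 80)
        print(f"192.168.111.4 -> {dst}:80  {verdict}: {client_sees(verdict)}")
```

Rejecting blocked outbound traffic gives inside users an immediate error instead of the long wait described earlier in the thread, while silently dropping unwanted inbound traffic avoids answering the remote host at all.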

X-No-Archive: yes

Although some people will flame me and insist otherwise, the only way you are going to do what you want to do is to buy another PC and use that as a gateway machine. Get another PC, with a second NIC card, and put AllegroSurf and Tiny Personal Firewall on it. The way AllegroSurf works, the only way the machines behind the gateway can get out is through proxies set up on the gateway machine, using either AllegroSurf, or another proxy program. What you want to do cannot be accomplished with a hardware appliance.

Reply to
Charles Newman

So does any *nix firewall - hell, even the crap from microsoft can do that.

You still haven't answered about the price of GPL support - or didn't you want to admit to a problem?

Has someone gone through and cleaned up all of the system() while SUID calls? Has Richard Morrell gotten his medication under control? Or do you feel that all the problems reported in comp.os.linux.security and alt.os.linux.smoothwall are meaningless?

Nah, let's just laugh at the poor mis-guided fool who paid too much for his firewall hardware.

Old guy

Reply to
Moe Trin

No, Charles, the reason people will flame you is because you don't have the first clue about what you are posting. Totally.

How would you know Charles - you don't know anything about how an appliance works - so how could you know whether anything is possible or not. In fact, it's quite easy - even the spammer from Smoothwall knows how to do it. It's a simple routing question - something you've already demonstrated is beyond your skill or understanding.

Old guy

Reply to
Moe Trin

Yes, your solution is one possible solution and at least I am not going to flame you about it. But I can certainly do that with the Watchguard FW appliance with no problems that the IP requests. And I suspect that some high-end NAT routers can do it too.

The strange thing here is that you insist that your solution is the only solution and that makes you questionable to say the least about it.

It would have seemed by now that you would be able to put 2 + 2 together and know that there is always more than one solution.

Duane :)

Reply to
Duane Arnold

Old one, you're more than a little off the deep-end here. ;-)

Duane :)

Reply to
Duane Arnold

Been there and done that. I had a Windows 2000 server gateway with a firewall and NAT (man, I think I just opened up a can of worms!). I loved it since I could monitor all the traffic going in and out of my house. I could control and block IP to and from any of my machines in my house. But, the damn thing would lock up like once a month and it usually did it when I was a thousand miles away on business. I reinstalled several times and I made sure it was patched and so on. No help. I didn't want to spend time troubleshooting. I am resorting to a hardware solution instead of software. I may try Linux if I can't find a reasonable hardware solution. I'll take any helpful suggestions.

Reply to
Boll Weevil

It probably locked up because you did not have enough memory. As I have said before if you are going to have one of your PCs act as a NAT/Firewall, you need to have at LEAST 512MB of memory. I used to have the problem with my NAT/gateway/firewall box, when I was running it on a Celeron 667 with 123MB of RAM. I was forever having to reboot it, but that problem went away when I replaced that with an Athlon64 machine, running at 3.0GHz, and with 512 MB of RAM.

Reply to
Charles Newman

Well, another good idea is to turn off native Windows ICS, and have that NAT done by a third-party program, such as AllegroSurf. I find the server is far less prone to crashing, and is also more secure and not vulnerable to O/S exploits like Windows ICS is.

Reply to
Charles Newman

Here are the specs of that server:

PII 400 Mhz

512 ram 2x 40GB HD

Other services: FTP

I don't know if the lack of ram is applicable here.

Reply to
Boll Weevil

I'll take any helpful suggestions.

My suggestion would be to make sure you open up a user manual and read it. ;-)

Duane :)

Reply to
Duane Arnold

X-No-Archive: Yes

Well, it's all the other stuff you have to run with it, to make a network server. In addition to AllegroSurf, I have Tiny Personal Firewall acting as the network firewall. I have WebWasher 3.0 acting as filter, Web proxy, ad-blocker, pop-up blocker, and cookie-crusher in one program. I have SpamBam to eliminate Spam, and I have NewsProxy to filter Usenet.

Reply to
Charles Newman

Charles - what you fail to understand is that a quality firewall setup on ANY OS where the OS has been properly setup and hardened (yes, even Windows XP or Server) will run for years without a lot of memory.

Reply to
Leythos

An appliance however, could not filter by application, like TPF does. I tell it to allow Web Washer, which runs the HTTP proxy, to allow outgoing requests to port 80, while telling it not to allow AllegroSurf, which runs the Socks proxy to use port 80, or ports 1000-5300. Blocking those ports on the Socks proxy shuts down Kazaa and Grokster. This is the one advantage of my setup, over something with a hardware appliance. I can shut down Kazaa and Grokster, where the hardware appliances cannot do that.

Reply to
Charles Newman
