Well guys, My uncle called me weeks ago, and asked me if i could do something to restrict the Internet access for his staff (about 15 people) in his law firm. The thing is, they do not finish their work on time because some of them access sites like youtube.com and a few other sites during their working hours.
Even after confronting them , and giving them 1 last chance, they abused their privilege so he wanted this to stop. I bought a low cost computer (Pentium 4 machine) , added another NIC on it (1 on-board, 1 PCI) and installed Fedora 11 on it. Configured Squid as well as the iptables. The Squid has been configured to block all sites except the sites that we wanted them to access (about 8 or 9 sites, which are related to banks). This worked fairly well, except that the machine would sometimes crash or reboot, thus halting the access of these staff for a while. The RAM and HDD space is sufficient enough, and the cache settings for squid is not too high, in which it doesn't exceed the RAM or even the HDD.
I recently purchased a router for my house, WRT54GL since my All in one (router+modem+switch) Asus wireless router would drop the WAN connection randomly every 24 ~ 48 hours, while torrenting. Then i read about WRT54GL and thought it'l be a great solution to this. Then i flashed it with tomato firmware and it worked great. Tomato Victek's mod to be exact.
While searching for other firmwares, i stumbled upon this site. From the screenshots, Gargoyle firmware looks quite steady and judging from the forum, i should think that it is as good as tomato. Now i was thinking , if I should replace the computer in my uncle's office that is serving as a webproxy to block out sites? My uncle has recently quaried around and someone recomended him to get a firewall router, which costs about RM990 (USD$282).
Then i came to think that , perhaps if gargoyle should have this feature where it could block out all sites except the bank sites (whitelist) it would be a much cheaper solution. (coincidently, i found gargoyle's forum again , while doing a search in Google of how to block all sites and allow only white list sites on wrt54gl).
For the tomato's firmware, i could block out sites from Access Restriction menu. However, i would have to insert all sites manually , and that isn't possible. People have recommended to use OPENDNS's blocking service, but i found that some sites are still allowed to be accessed, and we don't want that although you could add those sites in OPENDNS's blacklist.
Basically, what i am asking is, Could i block all sites (blacklist) except a few, around 8 or 9 sites (whitelist) using Gargoyle's firmware for WRT54GL?
Question about blocking all sites except a few (whitelist)
Moderator: Moderators
Re: Question about blocking all sites except a few (whitelist)
Yes, Gargoyle has a whitelist feature.
First you would add a "block all" rule...
Then add your whitelist rule...
First you would add a "block all" rule...
Then add your whitelist rule...
Re: Question about blocking all sites except a few (whitelist)
Thank you very much BikeMike. It was very nice of you to provide a set of screenshots as well. Now we don't have to spend alot of $$ on a router to do this when we could just get a WRT54GL, load it up with Gargoyle firmware and it'll do it's job just like the $282 router would.
Thank you once again BikeMike.
Thank you once again BikeMike.
Re: Question about blocking all sites except a few (whitelist)
I flashed my WRT54GL to test out the blocking + whitelist feature in Gargoyle before i recomend my uncle to buy one, and i encountered an issue with the blocking.
This is the overview of the menu.
This is the settings for blocking
This is the settings for the whitelist
**Some of the urls are not in full. This is because i was testing them since my previous attempts were unsuccessful, i thought it had to do with the url's that i've entered**
Now the issue is that, When i have saved the settings, I wouldn't be able to access any of those sites that are in the whitelist. The only site that i could access is the router's page. And i could ping 192.168.1.1 but not the internet, specifically the sites in the whitelist.
Perhaps there is something missing from the settings?
This is the overview of the menu.
This is the settings for blocking
This is the settings for the whitelist
**Some of the urls are not in full. This is because i was testing them since my previous attempts were unsuccessful, i thought it had to do with the url's that i've entered**
Now the issue is that, When i have saved the settings, I wouldn't be able to access any of those sites that are in the whitelist. The only site that i could access is the router's page. And i could ping 192.168.1.1 but not the internet, specifically the sites in the whitelist.
Perhaps there is something missing from the settings?
Re: Question about blocking all sites except a few (whitelist)
Nope, you're not missing anything: it's a bug. Thanks for pointing it out! It should be fixed in 1.0.10 (just uploaded).
Re: Question about blocking all sites except a few (whitelist)
Thank you Eric. Flashed my router with the new version and i could access the sites in the whitelist. However, there is another bug i believe.
I am unable to access sites that are in HTTPS. For example, when i login to the site,
http://maybank2u.com.my
and tried to access the login page (https://www.maybank2u.com.my/mbb/m2u/co ... tion=Login)
The page would just halt as if it was being blocked. I tried setting the option to allow (https://www.maybank2u.com.my) , tried different settings (exact url , contains url, domain etc) none worked.
So i believe it might be a bug that doesn't allow https connections.
I am unable to access sites that are in HTTPS. For example, when i login to the site,
http://maybank2u.com.my
and tried to access the login page (https://www.maybank2u.com.my/mbb/m2u/co ... tion=Login)
The page would just halt as if it was being blocked. I tried setting the option to allow (https://www.maybank2u.com.my) , tried different settings (exact url , contains url, domain etc) none worked.
So i believe it might be a bug that doesn't allow https connections.