How do I block internet at work?

zaber

Active Member
Joined
Jun 7, 2009
Messages
89
We have an incoming satellite internet signal, followed by a CISCO (Model BEFSR41 4 Port Switch) router. Hereafter the signal is fed to 19 computers on site via a local network. We do not have a server and there is no pc between the router and the network.

I only want to allow 4 senior persons to have full internet access, the rest of the guys most only be able to access their Gmail accounts in order to send and receive e-mails, nothing else.

I have asked around, but can't find a solution. Some guys say if I block Google then Gmail will also be blocked seeing that they are linked somehow.

Any thoughts/ideas on how to solve this problem please, seeing that my knowledge is extremely limited on this subject?
 

Valis

Expert Member
Joined
Oct 2, 2007
Messages
1,244
I use Netlimiter on our LAN at work. Very powerful little freeware program :)
 

Tsimo

Well-Known Member
Joined
Jan 20, 2006
Messages
353
get a cheap smoothwall box.
old perntium PC wiht 512 mb ram
 

rajharie

Well-Known Member
Joined
Mar 2, 2006
Messages
223
I use a combination of rules on the router that allows on a certain range of IPs out onto the internet. The IPs outside of this range have access but http is blocked. We also use Google Apps and I have configured in the Google Apps Admin Dashboard that only https access to mail is allowed, ie only https://mail.google.com/a/xxxxxx and not http://mail.google.com/a/xxxxxx
If you are not using Google Apps then I think that there is a setting within your users Gmail settings that allows https access which they just need to enable or send them a link to https://www.gmail.com
I also use OpenDNS to restrict access but OpenDNS is not a blocking tool.
Our router is a simple Linksys device.
Hope this helps
 

repitah

Well-Known Member
Joined
Jul 4, 2005
Messages
311
Probably possible with difficulty. Unfortunately I'm only doing my cisco training in a few weeks.

If the router has the capability, maybe create an ACL to block all (except the people/ip's needed), and another to allow the others to the google subnets on pop/smtp ports. (rule order will probably be something like allow full for X, allow mail for Y, deny all)
Easiest would most likely be to put a small/old machine (old p3/p4?) between them and the router/satellite with a transparent proxy & router.
 

dotnerd

Well-Known Member
Joined
Apr 16, 2007
Messages
340
Probably possible with difficulty. Unfortunately I'm only doing my cisco training in a few weeks.

If the router has the capability, maybe create an ACL to block all (except the people/ip's needed), and another to allow the others to the google subnets on pop/smtp ports. (rule order will probably be something like allow full for X, allow mail for Y, deny all)
Easiest would most likely be to put a small/old machine (old p3/p4?) between them and the router/satellite with a transparent proxy & router.


This is a Linksys device so it doesnt run IOS .... good thing youre going on that course hey.. :-D
 

Cube3

Expert Member
Joined
Jun 3, 2008
Messages
1,341
Is this a Cisco router or a Linksys router provided by Cisco ? There's a huge difference. I ran the model number and it comes up with Linksys.

If its Linksys, setup the Mac address filtering in the Security tab.

If you want to allow those people to also have Gmail access, that might be a problem because the mac filter will block mostly everything.

You would most likely need some sort of firewall/content filter device/application to meet your needs, as said above.

If this is an actual Cisco device, then it gets a lot more complicated.
 

syntax

Executive Member
Joined
May 16, 2008
Messages
8,656
We have an incoming satellite internet signal, followed by a CISCO (Model BEFSR41 4 Port Switch) router. Hereafter the signal is fed to 19 computers on site via a local network. We do not have a server and there is no pc between the router and the network.

I only want to allow 4 senior persons to have full internet access, the rest of the guys most only be able to access their Gmail accounts in order to send and receive e-mails, nothing else.

I have asked around, but can't find a solution. Some guys say if I block Google then Gmail will also be blocked seeing that they are linked somehow.

Any thoughts/ideas on how to solve this problem please, seeing that my knowledge is extremely limited on this subject?

there are tons and tons of solutions....what is ur budget? Are the machines the drones using belonging to you or their own? How are ip's allocated?
You have options like:
paid for filtering service (something like websense express would work very well)
free firewall distribution with filtering plug in ( as advised by others)
Dns blocking
Client side AV Application control rules ( IE lock AV settings and use Application control to disallow browsers, then allow outlook to be configured to connect to gmail?)
Some routers/modems allow url blocking out of the box
et etc etc
 

zaber

Active Member
Joined
Jun 7, 2009
Messages
89
Is this a Cisco router or a Linksys router provided by Cisco ? There's a huge difference. I ran the model number and it comes up with Linksys.

If its Linksys, setup the Mac address filtering in the Security tab.

If you want to allow those people to also have Gmail access, that might be a problem because the mac filter will block mostly everything.

You would most likely need some sort of firewall/content filter device/application to meet your needs, as said above.

If this is an actual Cisco device, then it gets a lot more complicated.

I wanted to post some pics of the router,but see that I am not allowed. Well, on the front is shows CISCO and on top it also shows LINKSYS.
 

Splice

Senior Member
Joined
Feb 8, 2010
Messages
655
Squid, Untangle or if you have a lot of money get an ISA server
 

Cube3

Expert Member
Joined
Jun 3, 2008
Messages
1,341
Cool its Linksys, but it's not going to sort out the issue of blocking people and giving them Gmail specific access.....

It might be worth while getting a router that supports a content filter which will allow you to configure websites permitted etc.

Alternatively get an opensource box..... PFsense provides you with lots of functionality and its free to download.... relatively easy to install and configure.
 

Elvis007

Well-Known Member
Joined
Dec 24, 2009
Messages
156
I would rather be burnt alive

Ja, rather leave the MS stuff for the pro's

We just threw out 2 fortigate firewalls after 1 week, useless compared to ISA..., better that ISA 2006, but does not come close to TMG
 

foulmouth

Well-Known Member
Joined
Jun 14, 2010
Messages
161
dude why not get an IT guy to do it for you ?

I would charge R150 Site evaluation and then R300 to do the whole implementation.
 
Top