MWeb Business Website Blocking

Dean

Howzit Mweb Operations

A client of mine on MWeb Business uncapped (with locked Cisco 800 series router) wants to block Facebook access from within their network.

To my knowledge, this should be easy to do... but for some reason the tech who I spoke to at the Mweb Business helpdesk said that the router is incapable of doing that.

I have an idea or two as to how we can go about it, but still waiting for "an engineer to get back to us regarding the problem". I left my personal mobile number with the helpdesk too - haven't heard anything since the query was lodged on Monday.

Please advise on how we can move forward.

With thanks
Dean
 
The techs at MWEB Business do not know too much about the Cisco routers. (Neither do I, but I know more than them, it seems.) Had endless problems with ours; in the end I asked them to give me the login or come and fetch their crap and can the contract. They gave me the login, never had any more problems after I fixed their mess.
 
We used the Cisco alternative for a long time, and had to set up an IPCOP box to do the filtering,
currently running a Firebox - which might be a solution for you guys.
Who the hell wants to phone a separate company every time you need something blocked / unblocked anyway...
Too much schlep, I'm sorry - just do it yourself, way more reliable - and cheaper at the end of the day
Unless the IT guy - (YOU ?) is incapable of drawing up an implementation plan and getting the ball rolling ?
 
What's cheaper than phoning Mweb to type a couple lines of commands into your already-paid-for router?

All the client wants is to simply block facebook, permanently, for all users... no changing, no unblocking sometimes, no other sites.
This is a very simple query and I believe your method is more complicated, will take more work time, and thus land up costing the client loads more than what it should.

Appreciate the idea - if MWeb can't get it done quickly, I'll have to resort to that.
 
Heh this is actually very possible, all you need to do is null route all the facebook ip ranges.

To make your life even easier, here are the ranges you need to block:
204.15.20.0/22
74.119.76.0/22
69.63.176.0/20
69.28.179.0/24
66.220.144.0/20

Even if users try to manually use the local caching servers for facebook, they won't be able to log in once their cookie expires, which needs the above ranges to get them logged back in.
 
Heeeeey that was my idea ;)

You sure all those IPs are correct? I only knew of 69.63.176.0 - 69.63.191.255
 
Yup I am pretty sure they are correct.

Telnet to tpr-route-server.saix.net
Code:
tpr-route-server>show ip bgp regex 32934
BGP table version is 31844138, local router ID is 196.25.246.90
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
* i66.220.144.0/21  196.25.9.45              2    100      0 1299 32934 i
*>i                 196.25.9.45              2    100      0 1299 32934 i
* i                 196.43.9.249             2    100      0 1299 32934 i
* i                 196.43.9.249             2    100      0 1299 32934 i
* i66.220.152.0/21  196.25.9.45              2    100      0 1299 32934 i
*>i                 196.25.9.45              2    100      0 1299 32934 i
* i                 196.43.9.249             2    100      0 1299 32934 i
* i                 196.43.9.249             2    100      0 1299 32934 i
* i66.220.159.0/24  196.43.9.240             2    100      0 3549 32787 32934 i
* i                 196.43.9.240             2    100      0 3549 32787 32934 i
* i                 196.25.9.45              2    100      0 3549 32787 32934 i
*>i                 196.25.9.45              2    100      0 3549 32787 32934 i
* i69.63.176.0/21   196.25.9.45              2    100      0 1299 32934 i
*>i                 196.25.9.45              2    100      0 1299 32934 i
* i                 196.43.9.249             2    100      0 1299 32934 i
* i                 196.43.9.249             2    100      0 1299 32934 i
* i69.63.184.0/21   196.25.9.45              2    100      0 1299 32934 i
*>i                 196.25.9.45              2    100      0 1299 32934 i
* i                 196.43.9.249             2    100      0 1299 32934 i
* i                 196.43.9.249             2    100      0 1299 32934 i
* i74.119.76.0/22   196.25.9.45              2    100      0 1299 32934 i
*>i                 196.25.9.45              2    100      0 1299 32934 i
* i                 196.43.9.249             2    100      0 1299 32934 i
* i                 196.43.9.249             2    100      0 1299 32934 i
* i204.15.20.0/22   196.25.9.45              2    100      0 1299 32934 i
*>i                 196.25.9.45              2    100      0 1299 32934 i
* i                 196.43.9.249             2    100      0 1299 32934 i
* i                 196.43.9.249             2    100      0 1299 32934 i

Then if you run those ranges through the linux command called aggregate you will get to the ranges I posted.

32934 is the ASN for Facebook's network.
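
As an added example (not part of the original posts): Python's standard ipaddress module can do the same merge as the aggregate command mentioned above, applied to the prefix rows of the quoted route-server output, and render the result as IOS static routes to Null0, the null-route approach suggested earlier in the thread. The function names are illustrative, and the sample keeps only the rows that carry a prefix.

```python
import ipaddress
import re

# Constructed sample: the prefix-bearing rows of the `show ip bgp regex 32934`
# output quoted in the thread (continuation rows without a prefix are omitted).
BGP_OUTPUT = """\
* i66.220.144.0/21  196.25.9.45              2    100      0 1299 32934 i
* i66.220.152.0/21  196.25.9.45              2    100      0 1299 32934 i
* i66.220.159.0/24  196.43.9.240             2    100      0 3549 32787 32934 i
* i69.63.176.0/21   196.25.9.45              2    100      0 1299 32934 i
* i69.63.184.0/21   196.25.9.45              2    100      0 1299 32934 i
* i74.119.76.0/22   196.25.9.45              2    100      0 1299 32934 i
* i204.15.20.0/22   196.25.9.45              2    100      0 1299 32934 i
"""

# Ranges as posted earlier in the thread.
POSTED = ["204.15.20.0/22", "74.119.76.0/22", "69.63.176.0/20",
          "69.28.179.0/24", "66.220.144.0/20"]

# Status flags (*, >, s, d, h, r, S), an optional 'i', then the prefix.
ROW = re.compile(r"^[*>sdhrS ]*i?(\d+\.\d+\.\d+\.\d+/\d+)\s")

def parse_prefixes(text):
    """Return networks from the Network column, skipping continuation rows."""
    nets = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            nets.append(ipaddress.ip_network(m.group(1)))
    return nets

def aggregate(nets):
    """Merge adjacent and overlapping prefixes into the fewest covering ranges."""
    return sorted(ipaddress.collapse_addresses(nets))

def null_routes(nets):
    """Render one IOS static route to Null0 per aggregated prefix."""
    return [f"ip route {n.network_address} {n.netmask} Null0" for n in nets]

def not_in_table(posted, nets):
    """Posted ranges that no prefix from the BGP output covers."""
    return [p for p in posted
            if not any(ipaddress.ip_network(p).subnet_of(n) for n in nets)]

if __name__ == "__main__":
    merged = aggregate(parse_prefixes(BGP_OUTPUT))
    print("\n".join(null_routes(merged)))
    print("posted but not in this output:", not_in_table(POSTED, merged))
```

On the output quoted in the thread this yields four aggregated ranges; 69.28.179.0/24 from the posted list does not appear in that output.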
 
I have blocked Facebook two ways on my network. Firstly through the router I have blocked access to all http sites on port 80 but let through https for the general staff. Basically I have split my subnet to users that have full access and users that only have https access. Not so easy to do in your case as you don't have access to the Router OS.

I have also deployed OpenDNS on the network so all names are resolved using the OpenDNS servers as opposed to the ISP's. With this method I can specify categories that should be blocked, e.g. Gambling, Social Media etc., or I can specify websites that should be blocked.

PM me if you need help in configuring.
 
Hi Dean

Please PM me your details and I will follow this up.

Kind regards
MWEB Operations
 
What's cheaper than phoning MWEB to type a couple lines of commands into your already-paid-for router?

TBH, I was thinking long run - next time a client calls you, you can say - hey I have the solution - it will take x amount of hours and cost x.
Kudos BTW for MWEB proving wrong the poster who said "good luck them getting back to you"

PWND
xD
 
ClearOS or Untangle if you go for a firewall solution which would be the right way to go.

Edit your hosts file and point www.facebook.com at 127.0.0.1 for a cheap and easy way....
 
Aweh this was the initial plan but they are laptops which the users also use at home... the company has no problem with them facebooking at home or wherever else... just not during work time.
 
TBH, I was thinking long run - next time a client calls you, you can say - hey I have the solution - it will take x amount of hours and cost x.

Appreciate the idea and you even developed a potential business model - thanks! :P
 
Aweh this was the initial plan but they are laptops which the users also use at home... the company has no problem with them facebooking at home or wherever else... just not during work time.

Hi Dean

I agree with you that it should be possible to do this on the router and I'll follow up on the query to ensure that we get someone to assist with this. However, purely my opinion and speaking from personal experience, if your client wants to get into the space of managing user Internet activity in the office it's always preferable to put something with a more manageable interface between the local network and the router. It gives you a lot more control and also provides the option of reporting on allowed activity if they choose to go that route.

Regards
Will
 
Howzit Will

Thanks for the advice - it's a solid plan, however I don't believe the client would like to spend more on the job right now - if they'd like monitoring/reporting in future, I'm sure it can be just as easily unblocked on router as it is to block, and configured through a manageable interface. The company really has no interest in managing users' activity, they've just noticed Facebook creeping up a bit too often, and feel the need to curb it (even though on a personal level, they don't even want to). This is only for 3-4 users on an uncapped account, so this seems like the quickest and simplest option for at-work-only facebook blocking on those laptops.
(unless the ISP takes 3 days to get the ball rolling...)

Forwarded the client's details via PM yesterday - which were apparently "incorrect on the system" (MWeb has gotten ahold of them at least twice before from those details, so I don't follow, but anyway...) and I sent my mobile number through last night after having given it to the business helpdesk consultant on Monday.
Looking forward to some progress today...

Thanks for getting involved Will - things always seem to happen quicker once you're around.
 
@Mweb Operations
@Will@Mweb

Still waiting for contact......
very patiently :)
 