Denying problems

I have installed CFPro yesterday on my LAN server. I have problems with denying the access to the specific web site in my network.

I tried with the specific IP for in/out also but that is also not working.

The rules are below:

BLOCK IP OUT FROM IP Zone:[LAN] - 192.168.0.2/192.168.0.255 TO IP 64.233.171.83 WHERE IPPROTO IS ANY

BLOCK IP IN FROM IP 64.233.171.83 TO IP Zone:[LAN] - 192.168.0.2/192.168.0.255 WHERE IPPROTO IS ANY

Can you please help me out how to block access to “orkut.com” to all the PCs in my LAN.

Thanks in advance
Praveen

Hi Praveen, welcome to the forums.

The IP you specified (64.233.171.83) resolves into RN-IN-F83.GOOGLE.COM. Where as asking for IPs from orkut.com returns 72.14.209.85, 72.14.209.86 & 72.14.209.87.

So, I don’t know what the relationship is between 64.233.171.83 & orkut.com, but on face value it seems the easiest way to block orkut.com is to use the hostname… like this…

Block IP IN from orkut.com to IP Zone:[LAN] where PROTO IS ANY

And if you want to blocking sending…

Block IP OUT from IP Zone:[LAN] to orkut.com where PROTO IS ANY

This way if they change servers, you’ll still be blocking them on their name.

Hope this helps.

Thanks for your reply.

I was explaining about google and asked for orkut.com

I used the same rules you have specified but still I am able to access.

I even moved the block rules above the Allow rules.

BLOCK IP OUT FROM IP Zone:[LAN] - 192.168.0.2/192.168.0.255 TO IP NAME:[orkut.com] - 72.14.209.85 - 72.14.209.87 WHERE IPPROTO IS ANY

BLOCK IP IN FROM IP NAME:[orkut.com] - 72.14.209.85 - 72.14.209.87 TO IP Zone:[LAN] - 192.168.0.2/192.168.0.255 WHERE IPPROTO IS ANY

OK, what exactly are you trying to access? If it’s www.orkut.com then just to be really awkward that resolves to 4 IPs and not 3 as orkut.com does.

www.orkut.com = 72.14.209.85, 72.14.209.86, 72.14.209.87 & 72.14.209.94.