I have installed CFPro yesterday on my LAN server. I have problems with denying the access to the specific web site in my network.
I tried with the specific IP for in/out also but that is also not working.
The rules are below:
BLOCK IP OUT FROM IP Zone:[LAN] - 192.168.0.2/192.168.0.255 TO IP 220.127.116.11 WHERE IPPROTO IS ANY
BLOCK IP IN FROM IP 18.104.22.168 TO IP Zone:[LAN] - 192.168.0.2/192.168.0.255 WHERE IPPROTO IS ANY
Can you please help me out how to block access to “orkut.com” to all the PCs in my LAN.
Thanks in advance
Hi Praveen, welcome to the forums.
The IP you specified (22.214.171.124) resolves into RN-IN-F83.GOOGLE.COM. Where as asking for IPs from orkut.com returns 126.96.36.199, 188.8.131.52 & 184.108.40.206.
So, I don’t know what the relationship is between 220.127.116.11 & orkut.com, but on face value it seems the easiest way to block orkut.com is to use the hostname… like this…
Block IP IN from orkut.com to IP Zone:[LAN] where PROTO IS ANY
And if you want to blocking sending…
Block IP OUT from IP Zone:[LAN] to orkut.com where PROTO IS ANY
This way if they change servers, you’ll still be blocking them on their name.
Hope this helps.
Thanks for your reply.
I was explaining about google and asked for orkut.com
I used the same rules you have specified but still I am able to access.
I even moved the block rules above the Allow rules.
BLOCK IP OUT FROM IP Zone:[LAN] - 192.168.0.2/192.168.0.255 TO IP NAME:[orkut.com] - 18.104.22.168 - 22.214.171.124 WHERE IPPROTO IS ANY
BLOCK IP IN FROM IP NAME:[orkut.com] - 126.96.36.199 - 188.8.131.52 TO IP Zone:[LAN] - 192.168.0.2/192.168.0.255 WHERE IPPROTO IS ANY
OK, what exactly are you trying to access? If it’s www.orkut.com then just to be really awkward that resolves to 4 IPs and not 3 as orkut.com does.
www.orkut.com = 184.108.40.206, 220.127.116.11, 18.104.22.168 & 22.214.171.124.