How to Block Adult websites using OPENDNS for free

Yesterday somebody asked how to block adult websites in MikroTik. There is no built-in way to do it, because it involves URL filtering and that is not the job of a router. A dedicated proxy server does it effectively, since proxies are designed for functions such as caching, URL filtering and redirecting.

We are using Microsoft TMG in our organization, which filters URLs based on category, so it is easier for us to simply select the category that we want to block, for example pornography / gambling / spyware etc. However, Microsoft charges for this service on an annual basis (which I think is about 15$ per user annually). It does the task perfectly and very efficiently, but it is not a cost-effective solution, especially if you don't have much budget to pay Microsoft.

However, the following is a free, neat and clean method to block almost 99% of pornography websites, using the OpenDNS servers as the primary DNS server in your router, proxy or even desktop computer.

Use the below DNS servers as your primary DNS server in MikroTik / ISA Server / router or even a desktop. If you are using MikroTik or another server, make sure clients are using your server IP as their DNS server, because OpenDNS will work only if the client / router is using their DNS servers. You can also force users to use your DNS server by adding a redirect rule so that every DNS request is redirected to your local server.

208.67.222.123
208.67.220.123

If you are using a MikroTik server, then it would look something like the below image.

Now if you try to open any adult website, it won't open and will give you the default browser 'Could not open' error, or the request will be redirected to the OpenDNS block page informing you that your request was blocked by OpenDNS.
As shown in the image below.

You can also show your own page explaining that adult websites are blocked, along with your advertisement. For this purpose, you have to enable the web proxy and redirect user traffic to the local proxy, then in proxy access, block http://www.blocked-website.com / block.opendns.com and redirect it to a local web server page.

Category-Based Filtering:

If you have a fixed public IP address, then you can create an account at http://www.opendns.com and then you can do category-based filtering.

As shown in the image below.

How to enable Web Proxy in MikroTik and redirect the OpenDNS error page to a local error page:

# Enable the web proxy on port 8080 (no caching on disk)
/ip proxy
set always-from-cache=no cache-administrator=webmaster cache-hit-dscp=4 \
    cache-on-disk=no enabled=yes max-cache-size=none \
    max-client-connections=600 max-fresh-time=3d max-server-connections=600 \
    parent-proxy=0.0.0.0 parent-proxy-port=0 port=8080 \
    serialize-connections=no src-address=0.0.0.0
# Deny the OpenDNS block-page hosts and redirect the user to the local page
/ip proxy access
add action=deny disabled=no dst-host=www.blocked-website.com dst-port="" \
    redirect-to=101.11.11.240/nonpayment/nonpayment.htm
/ip proxy access
add action=deny disabled=no dst-host=block.opendns.com dst-port="" \
    redirect-to=101.11.11.240/nonpayment/nonpayment.htm

Replace 101.11.11.240 and the full path with your local web server.

Now enable a NAT rule to redirect user traffic to the local proxy.

Now redirect all user traffic to the local proxy:

/ip firewall nat
 add action=redirect chain=dstnat disabled=no dst-port=80 protocol=tcp \
 to-ports=8080

Make sure you move this rule in the NAT section above the default masquerading rule, so that it captures the HTTP traffic and redirects it before masquerading it to the outside world.

As shown in the image below.

If you don't want to use the proxy for all requests, but only for http://www.blocked-website.com, then use the below rule, which will redirect only blocked-website.com traffic to the local web proxy; all other traffic will go directly.

/ip firewall nat
add action=redirect chain=dstnat disabled=no dst-address=208.69.33.135 \
    dst-port=80 protocol=tcp to-ports=8080

Now when the user tries to open any adult website, he will be redirected to the local proxy, and the proxy will (using the access rules we defined above) redirect the request to our local web server page showing our info page.
As shown in the image below.

How to force users to use a specific DNS server:

 /ip firewall nat
 add chain=dstnat action=dst-nat to-addresses=192.168.1.1 to-ports=53 protocol=tcp dst-port=53
 add chain=dstnat action=dst-nat to-addresses=192.168.1.1 to-ports=53 protocol=udp dst-port=53

Only UDP is needed, I assume.

Asad Mukhtar
