i have a few hundred people on the wisp network. i would like to block say 20 websites in url filtering. is there a way to allow a few users to use those blocked sites
ive tried everything i can think of but cant make it work
i can block the url just. i just want a few people to still get to those sites....we use static ip addresses on the network devices
thanks
kevin
Thank you for asking this question in the support community. It may be cumbersome to make a configuration that fits your needs in the command line interface (CLI), but I believe this can be achieved by adding an additional NAT statement matching the specific IP address(es) and putting it above the "match-all NAT." Also, the keyword no-alg will need to be added to that statement. Here is an example:
ip access-list extended PRESIDENT
permit ip host <president's IP> any
!
ip access-list extended MATCH-ALL
permit ip any any
!
ip policy-class PRIVATE
nat source list PRESIDENT interface eth 0/1 overload no-alg
nat source list MATCH-ALL interface eth 0/1 overload
I hope that makes sense, but please, do not hesitate to reply with any questions. I will be happy to help in any way I can.
Levi
I have tried this same thing with the NV4430 as well. I was told you it is a all or nothing filter, not a per user or group. I ended up using some DNS filtering from another source to accomplish my needs.
thats kinda what i figured but was hoping it want true.
thanks
what dns solution you use? opendns?
Either that or Norton. OpenDns has changed their price structure as of late though. Norton Dns by itself will not block specific websites but I have found the categories accurate. Its nice because you do not have to run any of their software to use these.
The following three pre-defined content filtering policies are available for home and personal use:Policy 1: Security (198.153.192.40 and 198.153.194.40) This policy blocks all sites hosting malware, phishing sites, and scam sites.
To use Policy 1, you should configure the DNS settings of your home router or Web-enabled device to use the following Norton ConnectSafe IP addresses: 198.153.192.40 and 198.153.194.40.
Policy 2: Security + Pornography (198.153.192.50 and 198.153.194.50) In addition to blocking unsafe sites, this policy also blocks access to sites that contain sexually explicit material. To use Policy 2, you should configure the DNS settings of your home router or Web-enabled device to use the following Norton ConnectSafe IP addresses: 198.153.192.50 and 198.153.194.50.Policy 3: Security + Pornography + Non-Family Friendly (198.153.192.60 and 198.153.194.60) This policy is ideal for families with young children. In addition to blocking unsafe sites and pornography sites, this policy also blocks access to sites that feature mature content, abortion, alcohol, crime, cults, drugs, gambling, hate, sexual orientation, suicide, tobacco or violence.
To use Policy 3, you should configure the DNS settings of your home router or Web-enabled device to use the following Norton ConnectSafe IP addresses: 198.153.192.60 and 198.153.194.60.
Thank you for asking this question in the support community. It may be cumbersome to make a configuration that fits your needs in the command line interface (CLI), but I believe this can be achieved by adding an additional NAT statement matching the specific IP address(es) and putting it above the "match-all NAT." Also, the keyword no-alg will need to be added to that statement. Here is an example:
ip access-list extended PRESIDENT
permit ip host <president's IP> any
!
ip access-list extended MATCH-ALL
permit ip any any
!
ip policy-class PRIVATE
nat source list PRESIDENT interface eth 0/1 overload no-alg
nat source list MATCH-ALL interface eth 0/1 overload
I hope that makes sense, but please, do not hesitate to reply with any questions. I will be happy to help in any way I can.
Levi
I went ahead and flagged the "Correct Answer" on this post to make it more visible and help other members of the community find solutions more easily. If you don't feel like the answer I marked was correct, feel free to come back to this post and unmark it and select another in its place with the applicable buttons. If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.
Thanks,
Levi