Syed Jahanzaib Personnel Blog to Share Knowledge !

November 22, 2012

S EARCH M Y B LO G . . .

Howto Block Adult websites using OPENDNS for free :) (with category
base filtering support)
File d unde r: Ge ne ral IT R e late d, Mik rotik R e late d Tags: block adult we b site s in m ik rotik , UR L filte ring Sye d Jahanzaib /
Pinochio~:) @ 10:09 AM

23 Votes

Search
CATEGO RIES
C isco R e late d (3)
Fore front TMG 2010 R e late d
(4)
Ge ne ral IT R e late d (33)

Last day someone asked me howto block Adult websites in mikrotik. There is no builtin way to do it as it involves URL filtering and its not the

IBM R e late d (29)

job of ROUTER to do such task. Dedicated proxy server can do it effectively since they are built for such purposes like caching/URL

Linux R e late d (99)

filtering/redirecting etc.

Microsoft Hype rV R e late d (1)

Microsoft R e late d (68)

We are using Mic rosoft TMG in our organization which filters URL based on category, so its easier for us to just select the required

Mik rotik R e late d (82)

category that we want to block , for example Porn / Gambling / Spywares etc but Microsoft charge for this service on annual basis (Which I

R adius Manage r (19)

guess is about 15$ per user annually) , It does the job perfectly and very efficiently but its not a cost effective solution specially if you dont

Sym e nte c R e late d (2)

have much budget to pay Microsoft.

Uncate gorize d (5)

VMware R e late d (16)

However following is the free, neat and clean method to block almost 99$ of porn web sites using OpenDNS server as your primary DNS
server in your router/proxy or even desktop PC.

M ETA

Use the below DNS server as your primary dns server in mikrotik / isa server / router or even a desktop. If you are using Mikrotik or other

R e giste r

Server, make sure clients are using your server ip as there DNS server, because opendns will work only if the client / router is using there

Log In

dns server. You can also force users to use your DNS server by adding redirect rule so every request for dns should be redirected to your

Entrie s RSS

local server.

C om m e nts RSS
C re ate A Fre e W e bsite O r
Blog At W ordPre ss.com .

208.67.222.123
208.67.220.123
open in browser PRO version

Are you a developer? Try out the HTML to PDF API

EM AIL S U B S CRIP TIO N

E NTE R Y O UR E M AI L
AD D RE SS TO SUBSC RI BE
TO THI S BL O G AND

pdfcrowd.com

TO THI S BL O G AND
RE C E I V E NO TI F I C ATI O NS
O F NE W PO STS BY
E M AI L .
If you are using mikrotik server, then it would look alike something below image . . .

JO I N 2 ,4 4 0 O THE R
F O L L O W E RS

Enter your email address

Sign me up!
DECEM B ER 2014
M T W T F S S
1 2 3 4 5 6 7
8 9 10 11 12 13 14
Now if you will try to open any adult web site , it wont open and will give you the default browser Could not open error, or the request will
will be redirected to OpenDNS block page informing you that your request was blocked by OpenDNS.
A s showed in the image below . . .

15 16 17 18 19 20 21
22 23 24 25 26 27 28
29 30 31
NO V
ARCHIVES
Nove m be r 2014
August 2014
July 2014
June 2014
May 2014
April 2014
March 2014
Fe bruary 2014
January 2014
De ce m be r 2013
Nove m be r 2013
O ctobe r 2013
Se pte m be r 2013
August 2013
July 2013
June 2013
May 2013

open in browser PRO version

Are you a developer? Try out the HTML to PDF API

pdfcrowd.com

April 2013
March 2013
Fe bruary 2013
January 2013
De ce m be r 2012
Nove m be r 2012
O ctobe r 2012
Se pte m be r 2012
August 2012
July 2012
June 2012
May 2012

April 2012

You can also show your own page explaining that Adult web sites are blocked and with your Advertisement. For this purpose, you have to
enable web.proxy and redirect user traffic to local proxy, then in proxy access, block the http://w w w .bloc ked-w ebsite.c om /
bloc k.opendns.c om and redirect it to local web server page.

March 2012
Fe bruary 2012
January 2012
De ce m be r 2011
Nove m be r 2011
O ctobe r 2011
Se pte m be r 2011
August 2011
July 2011

Category Base Filtering

June 2011
April 2011
O ctobe r 2010
Se pte m be r 2010

If you have fix public ip address , then you can create account at http://www.opendns.com and then you can do category base filtering.

August 2010
June 2010
May 2010

as showed in the image below

April 2010
March 2010
Fe bruary 2010
January 2010
De ce m be r 2009
Nove m be r 2009

B LO G S TATS
3,135,224 Hits

open in browser PRO version

Are you a developer? Try out the HTML to PDF API

pdfcrowd.com

3,135,224 Hits

RECEN T P O S TS
Kanne l Auto Startup Proble m
W ith Syste m Error 13
Pe rm ission De nie d
VPN/PPTP Static R oute s Loose
Gate way W he n
C lie nt R e conne cts
Howto Add SEAR C H/EDIT
Button O n Main Page In
R adius Manage r
SIP Poble m W ith Mik rotik
MR TG Graph For FR EER ADIUS
O nline Use rs

P AGES
About ME

TO P CLICKS
Postm aste r.live .com /Snds
Aacable .file s.wordpre ss.c
Aacable .file s.wordpre ss.c
Google .com .pk /Se arch?Q =Ib
Support.m sn.com /Eform .asp

TO P P O S TS
Howto C ache Youtube W ith
SQ UID / LUSC A And Bypass
C ache d Vide os From Mik rotik
Q ue ue [April, 2014 , Zaib]
Mik rotik DUAL W AN Load
Balancing Using PC C Me thod.
C om ple te Script ! By ZaiB
Mik rotik Multi W AN Fail O ve r
Sce narios
Monitoring Ne twork W ith The
DUDE (PC X86 O r Mik rotik NPK
Ve r)
Mik rotik 4 W AN Load
Balancing Using PC C Me thod.
C om ple te Script ! By ZaiB

open in browser PRO version

Are you a developer? Try out the HTML to PDF API

pdfcrowd.com

RS S
R SS - Posts
R SS - C om m e nts

Howto Enable Web Proxy in Mikrotik and redirect opendns error page to local error page.

1
2
3
4
5
6
7
8
9
10
11
12
13
14

/ip proxy
set always-from-cache=no cache-administrator=webmaster cache-hit-dscp=4 \
cache-on-disk=no enabled=yes max-cache-size=none max-client-connections=\
600 max-fresh-time=3d max-server-connections=600 parent-proxy=0.0.0.0 \
parent-proxy-port=0 port=8080 serialize-connections=no src-address=\
0.0.0.0
/ip proxy access
add action=deny disabled=no dst-host=www.blocked-website.com dst-port="" \
redirect-to=101.11.11.240/nonpayment/nonpayment.htm</pre>
/ip proxy access
add action=deny disabled=no dst-host=opendns.blockdns.com dst-port="" \
redirect-to=101.11.11.240/nonpayment/nonpayment.htm

Replace the 101.11.11.240 and the full path with your local web server.
Now enable NAT rule to redirect user traffic to local proxy.

Now Redirect All User Traffic to Local Proxy

/ip firewall nat

open in browser PRO version

Are you a developer? Try out the HTML to PDF API

pdfcrowd.com

1
2
3

/ip firewall nat

add action=redirect chain=dstnat disabled=no dst-port=80 protocol=tcp \
to-ports=8080

Make sure you move this rule in NAT section above the default masquerading rule. so it captures the http traffic & redirect it, before
masquerading it to outside world.
A s showed in the image below . . .

If you dont want to use proxy for all request, but for only http://w w w .bloc ked-w ebsite.c om , then use the below rule that will only
redirect blocked-website.com traffic to local web proxy, all other traffic will go directly.

1
2
3

/ip firewall nat

add action=redirect chain=dstnat disabled=no dst-address=208.69.33.135 \
dst-port=80 protocol=tcp to-ports=8080

Now when the user will try to open any adult web site, he will be redirected to local proxy, and proxy will (using access rules we defined
above) redirect the request to our local web server page showing our info page.
A s showed in the image below . . .

open in browser PRO version

Are you a developer? Try out the HTML to PDF API

pdfcrowd.com

How to force users to use specific DNS Server

1
2
3

/ip firewall nat

add chain=dstnat action=dst-nat to-addresses=192.168.1.1 to-ports=53 protocol=tcp dst-port=53
add chain=dstnat action=dst-nat to-addresses=192.168.1.1 to-ports=53 protocol=udp dst-port=53

only udp is required i guess

Regards
Sy ed Jahanzaib
Comments (15)

The Silver is the New Black Theme. Create a free website or blog at WordPress.com.

Follow

Follow Syed
Jahanzaib
Personnel Blog to
Share Knowledge
!
Get every new post delivered
open in browser PRO version

Are you a developer? Try out the HTML to PDF API

pdfcrowd.com