Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[NopeNotToday]

Hello all,

Ok here is what Iv got.  I have three wireless computers in my house (all of which are not mine), and three lazy roommates.  My roommates are not getting the things they need to get done accomplished because they are to busy messing around in "Second Life" and "Voodoo Chat". I need to figure out a way that I can block only these three computers from accessing the ports those applications use.  My wife gets on Voodoo from time to time and I don't want to block her computer.  I want to set up a schedule so that from 1 AM to 4 PM the three laptops are not on those apps, I cant block them from the internet completely because two of them do their college online. If some one could please help me it would be much appreciated.

I know that Voodoo Uses Port 4444, and 7777

Here is a web page for second life on the ports it uses. I just don't know if I should block all of the ports that second life uses.

http://wiki.secondlife.com/wiki/Firewall

 

[Trikein]

This actually turned out more complicated then I thought. I  might polish it and it could be a entry for a Sticky?


When click on blue links, hold down CONTROL on your keyboard to bring them up in new tabs. If that doesn't work, upgrade your browser. :-)

Well I would first suggest sitting down and actually talking to your "roommates". (Actually your kids right?) Using technology as a tool of control over a situation will only create a escalation of arms where usually the more devious and technological suave win...IE, the kids. ::grin::

But with that said, your request can be done by one of two days, you can either use the "Gaming section" or the Access Control. Either way, you first need to set DHCP reservations . Scroll down to "Add DHCP Reservation" and go:

Enable: Yes
Computer Name: Choose the computer name if you know the host name. *
IP Address: Or manually input the IP
Mac: Mac address of the computer
Click on Save
Add each computer this way
Click on Save settings (Reboot later)

   * The easiest way to tell which PC is which, is just jot down the host names when there not connect, and when one goes to turn on their computer, see which name pops up in the list *

Once that is done you need to define a Schedule.

Name: Roommate
Days: Select which ones you want.
All Day - 24hr: If applicable
Start Time: 1:00 AM
End Time: 4:00 PM
Click on Save(Reboot later)

Now if you don't know the ports, and you only want certian websites block, that's tricky. Not only do websites have multiple IP's, but it can be got around by using a Proxy.(Sooooo many ways to do that) But if you wish, go to Inbound Filter:

Name: Roommate
Action Deny
Enable: Checked
Remote IP: IP address your looking to block
Remote IP End: Same
Click on Add (Reboot later)

Now that is done, either go to Gaming and do:

Enabled: Checked
Name: Roommates
IP Address: Pick a DHCP reservation from that list
TCP Ports: 4444, 7777 **
UDP Ports: **
Schedule: Roommates
Inbound Filter: Roommates

 ** Add any others you wish **

Now click on save settings and reboot the router. Let me know how that works. Access Control is hard to write a How to for since it's dynamic and not all on one screen, so let me know if this works and you even need that.

[NopeNotToday]

Thanks allot, I'll try that... and by the way if my kids were on those apps I would have a serious parenting problem ( they are only 6, 8, and 11).... Just people we are trying to help out and getting taken advantage of. Tried the nice long sit down meetings and the s*** is just not working... so I'm trying it this way before I start drilling lots of tiny holes through their screens 

[Trikein]

LOL. Sorry, I didn't mean to come off as judgemental by any means, its just I used to work on a forum where we would get people yelling at us for our product not blocking their kids going to adult website. Its like come ON..when your fighting puberty with a computer, puberty wins. Haha. Oh the ingenious methods I saw, but back on topic.

Yea, I mean if you want you could just put a Mac filter and block their PC from connecting at all and just pull a "I don't know whats wrong" thing. Or you could block certian sites, block ports, you could set up locks, rewrite their host files, reroute their DNS traffic, create routing loops, or paradoxes that slooooow down their traffic to almost nothing. Also, MOST IMPORTANT, after any of these changes your going to want to turn off wireless admin and change the password to something thats hard to guess. Any google search will show them how to get into the router and change all these things back. Let me know how it goes, but I am all for punishing lazy in-laws. WooooT!!

[NopeNotToday]

LOL I did not take it offensive at all.  I was just stating my kids are way to young for that crap, and their mom would proly break their fingers lol. I didn't think about turning off wireless admin rights, the only two computers that need admin rights are wired, so thats a great idea.  I could block off all internet access but two of the wireless clients go to school online so that would not be so nice, but funny.  I already had all of the computers, and printers, and phones on the DHCP client list. But I just learned how to change their IP's so I can use a range of IP's instead of one by one. Thank you so much, I didn't mean to sound rude if I came off that way. I'm just pissed that after the meetings and crap nothing has worked nor changed, I would not mind giving them the boot but my wife would.  I kinda think that when some one louses their job because their online life got in the way, their priorities are way out of wack. I'm in the Army and I work my butt off, and have struggled to get to where I'm at now and just hate to have people take advantage of us just because we have a good heart and want to help them out...... OK done ranting lol  Thanks again.

[Trikein]

Well good luck with your troubles, and let me know if I can be of anymore help. Actually, come to think of it, here are some ways to get around these methods, along with possible counter-measures.

1. Mirror Sites: Blocking certian IP's only block that one site. One common work around to IP block is to just enter in the area code across the country from you or set your browser settings to another contry. Some sites even have Mirror sites that will change depending on traffic.
    Counter Measure:  Blocking domains block a wider range of sources. Blocking dlink.com will also block dlink.support.com or many of the other dlink servers. While this isn't anywhere near infaluable, it adds another layer.

2. The Babblefish: If blocking certian websites, your just blocking their IP, not the traffic itself. So if someone's reroutes the traffic through a website, also known as performing a proxy, it side steps that stradigy. One was of doing this was to ask Babblefish, a popular translator site by Yahoo. This became a popular trick  to get around a school's monitoring program.
   Counter-Measure: Don't just block site IP's and domains, block the traffic itself. Either the type(TCP) or the language like HTML (Port 80). Keep kind in mind, you can always go sever with your blocking and then add exceptions. Block all of port 80 except to a few IP's you want them to go to. This gets complicated though since many sites are constructs of media from different location. However your mouse over a site's pictures sometimes and you will know what I mean. Nevermind advertisment media, HTTPS(reroutes traffic to verify) or ad ones.

3. Tor: What Babblefish does for websites, Tor does for applications. Not only does it secure the data, it can reroute the traffic through other (even random) ports and then shot them out the Tor server correctly. This makes it very hard to counter-measure. If they find Tor, its time to think about monitoring and confronter then counter measures. Just keep a eye open for low priority traffic in the lags. Also, if you start seeing odd IP+Port combos, that can be a sign.

4. Gmail: This is one I personally use. Alot of people aren't aware of it, but from Gmail I can call people, use SMS(text messages), email(duh), video chat, AIM, Chat, import other email from other ISP's, tweat (Buzz), Blog (Wave), watch movies, create your own webpage (Google Sites), and well...a ton of other stuff. Just like "Simpson did it"..."Google Does it". Many people don't block Gmail because their users say its needed to check their email. Just be aware of everything else it can do.

[NopeNotToday]

Thanks allot!  I'm learning allot through this whole experience. Come to find out one of my neighbors has wifi thats not secured, so guess who is going to be going door to door to find out who it is (thank god I dont live in an apartment complex). 

[Trikein]

Well if your using Vista or Windows 7, theres a option for View Full Map on the top right corner of "Network and Sharing center". If you click that, it shows you all networked devices on what ever network you happen to be on. Including printers. See where I am going with that?

[NopeNotToday]

Yes I do, and thanks for that tip.  So one of the ports I was blocking for another one of their apps is port 443, I found out this morning that blocks the HTTP or HTTPS for their web browsers as well so I'm hoping I'm still blocking the ports that are needed for this app to operate.  So check out this web page for me and let me know which ports I should be blocking for this app to not run correctly.  http://wiki.secondlife.com/wiki/Firewall_Configuration  Thanks

[Trikein]

I would probably say TCP 12043, 12046 and UDP 12035, 12043, and 13000-13050. Empathis on the 13000-13050 because I think thats the bulk of the server to client system. 443 will block all HTTPS, including what they need to sign into their colleges. So will 80 and 43. You could also just install it on your computer and play around until you break it. :-)  Break it to learn it...the hacker way, hehe.