0

I have a question regarding router configuration: How can I configure it to direct certain packets sent to certain addresses (like Facebook, Youtube and other procrastination sites) to be sent to a different computer on the network? I understand it has something to do with using my router as a DNS server?

Basically I want the same function I get from a host file on a certain computer, only for all machines connected to the router.

Edit: The router is a wireless Edimax BR-6424n, the packets are HTTP.

Thanks, Itamar.

Itamar Marom
  • 119
  • 3

3 Answers3

5

There are two high level phases for how a site gets "routed":

  • The DNS lookup, translates the name to the IP address
  • Routing of the packets based on the IP address

So you can either resolve the DNS to a different IP (this is easily bypassed) or route the ip address differently (a little more difficult).

What you are talking about is filtering browsing traffic. This often done by an HTTP proxy. Since a lot of the work of this goes into maintaining a list of "procrastination" sites, if you are willing to spend a little money you might be much better off buying something like Websense.

Lastly, filtering people's Internet can be demoralizing, be sure that this comes from upper management.

Kyle Brandt
  • 82,107
  • 71
  • 302
  • 444
  • 1
    +1 for the demoralizing comment. Hire people you trust to do a good job, and don't get mad at them when they accomplish all their tasks *and* update their Facebook status. – Kyle Smith Apr 17 '12 at 12:26
1

Notwithstanding that such blocking is futile, don't use your router as a DNS server, use a real DNS server instead.

For the gory details on why not, see RFC 5625, then see my profile.

Community
  • 1
Alnitak
  • 20,901
  • 3
  • 48
  • 81
0

I doubt you'll be able to do that with simple SOHO router, it simply lack of resources for that.

But you can use hosts file(s) on your client PC(s) to inject wrong DNS answers (so facebook.com will point to your here-on-LAN-PC, not to FB server). But what you should keep in mind is: facebook isn't simple one host, there are a lot of hosts, so you'll have to mention all of it in you hosts file.

And of course 1) you'll need HTTP server to answer queries, and 2) https queries (if any) will be marked as cert-broken, but I think you know what you're doing.

Alexander
  • 724
  • 2
  • 11
  • 19