Knowledge Base  >   Firewall  > 

Use Vigor3900/2960 to block Youtube for some of LAN clients only

This note is going to show how to stop some LAN clients from Youtube but still pass some other LAN clients. Since Google service (e.g., google maps, google drive) and Youtube sometimes uses the same IP address, using URL/Web Category Filter to block YouTube may block some of the Google services as well. However, we can use LAN DNS and IP Filter to prevent clients from accessing YouTube, and make sure other Google services are still available.

1. Set up LAN DNS for LAN clients to use SafeSearch Virtual IP for Google services: Go to LAN >> LAN DNS, click Add to establish a profile:

  1. Check Status
  2. Enter google.com in Domain Name
  3. Enter *google.com* in Alias Domain Name and save it
  4. Enter SafeSearch Virtual IP in IP Address (Note: Google SafeSearch IP can be found by doing nslookup for forcesafesearch.google.com)
  5. Click Apply to finish the setting.
a screenshot of LAN DNS profile on Vigor3900

2. Force LAN DNS Redirection: Go to LAN >> General Setup, click on the LAN profile in use and enable DNS Redirection.

a screenshot of LAN General Setup that has DNS Redirection enabled

3. Add a IP Filter Group: Go to Firewall >> Filter Setup >> IP Filter, click Add:

  1. Check Enable
  2. Enter Group name
  3. Click Apply
a screenshot of adding a new IP Filter Group

4. Create an IP Filter to pass all the traffic from a group of IP which is allowed to watch Youtube. Click on the group created in step 3, and click Add to add a rule:

  1. Enter Profile name
  2. Select "Accept" for Action
  3. Check Enable
  4. Click Add on the right of Source IP Object. Select "Range" for Address Type and set Start IP Address and End IP Address of the IP which is allowed to access Youtube
a screenshot of Firewall Rule configuration on Vigor3900

5. Select the Object after it was created, then click Apply to finish IP filter setting

a screenshot of Firewall Rule configuration on Vigor3900

6. Create an IP Filter to pass all traffic destined to other Google service, similar to Step 4. Click Add to establish a rule:

  1. Enter profile name
  2. Select "Accept" for Action
  3. Check Enable
  4. Click Add on the right of Destination IP Object. Select "Single" for Address Type and enter Google SafeSearch IP at Start IP Address
  5. Select the Object created, then click Apply to finish IP filter setting
a screenshot of adding Google SafeSearch IP in Firewall Rule of Vigor3900

7. Add another an IP filter rule to block DNS queries for Youtube:

  1. Enter Profile name
  2. Select "Block" for Action
  3. Check Enable
  4. Click Add on the right of Destination DNS Object. Add "youtube.com" in Member Table and click Save
  5. Select the Object created, then click Apply to finish IP filter setting
a screenshot of adding destination DNS object in the firewall rule

  
With the above configuration, clients with IP between 10.0.0.1~10.0.0.100 can access Youtube; but other clients can't because the DNS queries for YouTube from them are blocked. However, all the clients can access other Google services by the SafeSearch IP.

 

Trouble-Shooting:

If YouTube is not blocked as expected, please try:

  1. Clear Browser's history
  2. Clear DNS cache. For Windows users, this can be done by typing ipconfig/flushdns in command prompt.
  3. Make sure the client's default gateway is the Vigor Router.

Published On:2016-05-25 

Was this helpful?   

book icon

Related Articles