Block adult website in mikrotik

How to block adult websites using OpenDNS for free 🙂 (with category-based filtering support)

Filed under: Mikrotik — Tags: block adult web sites in mikrotik, URL filtering — Silicon Care / Pube~:) @ 12:09 PM

Yesterday someone asked me how to block adult websites in MikroTik. There is no built-in way to do it, as it involves URL filtering, and that is not the job of a router. A dedicated proxy server can do it effectively, since proxies are built for such purposes as caching, URL filtering, redirecting, etc.

We are using Microsoft TMG in our organization, which filters URLs based on category, so it's easier for us to just select the categories that we want to block (for example Porn / Gambling / Spyware), but Microsoft charges for this service on an annual basis (which I guess is about 15$ per user annually). It does the job perfectly and very efficiently, but it's not a cost-effective solution, especially if you don't have much budget to pay Microsoft.

However, the following is a free, neat and clean method to block almost 99% of porn websites, using the OpenDNS servers as the primary DNS servers in your router, proxy or even desktop PC.

Use the DNS servers below as the primary DNS servers in your MikroTik / ISA Server / router or even a desktop. If you are using MikroTik or another server, make sure clients are using your server's IP as their DNS server, because OpenDNS filtering works only if the client or router is using the OpenDNS servers. You can also force users to use your DNS server by adding a redirect rule, so that every DNS request is redirected to your local server.

208.67.222.123
208.67.220.123

If you are using a MikroTik server, it would look something like the image below.

Now if you try to open any adult website, it won't open: you will get the browser's default ‘Could not open’ error, or the request will be redirected to the OpenDNS block page informing you that your request was blocked by OpenDNS.
As shown in the image below.

You can also show your own page explaining that adult websites are blocked, along with your advertisement. For this purpose, you have to enable the web proxy and redirect user traffic to the local proxy; then, in the proxy access list, block http://www.blocked-website.com / block.opendns.com and redirect it to a page on your local web server.

Category-Based Filtering

If you have a fixed public IP address, you can create an account at http://www.opendns.com and then do category-based filtering.

As shown in the image below.

How to enable Web Proxy in MikroTik and redirect the OpenDNS error page to a local error page

/ip proxy
set always-from-cache=no cache-administrator=webmaster cache-hit-dscp=4 \
cache-on-disk=no enabled=yes max-cache-size=none max-client-connections=\
600 max-fresh-time=3d max-server-connections=600 parent-proxy=0.0.0.0 \
parent-proxy-port=0 port=8080 serialize-connections=no src-address=\
0.0.0.0
 
/ip proxy access
add action=deny disabled=no dst-host=www.blocked-website.com dst-port="" \
redirect-to=101.11.11.240/nonpayment/nonpayment.htm
 
/ip proxy access
add action=deny disabled=no dst-host=block.opendns.com dst-port="" \
redirect-to=101.11.11.240/nonpayment/nonpayment.html

Replace 101.11.11.240 and the full path with your local web server's address and page.

Now enable a NAT rule to redirect user traffic to the local proxy.

Now Redirect All User Traffic to Local Proxy

/ip firewall nat
 add action=redirect chain=dstnat disabled=no dst-port=80 protocol=tcp \
 to-ports=8080

Make sure you move this rule in the NAT section above the default masquerading rule, so that it captures the HTTP traffic and redirects it before it is masqueraded to the outside world.

As shown in the image below.

If you don't want to use the proxy for all requests, but only for http://www.blocked-website.com, use the rule below, which redirects only blocked-website.com traffic to the local web proxy; all other traffic goes out directly.

/ip firewall nat
add action=redirect chain=dstnat disabled=no dst-address=208.69.33.135 \
dst-port=80 protocol=tcp to-ports=8080

Now when a user tries to open any adult website, he will be redirected to the local proxy, and the proxy will (using the access rules we defined above) redirect the request to our local web server page showing our info page.
As shown in the image below.

How to force users to use specific DNS Server

/ip firewall nat
add chain=dstnat action=dst-nat to-addresses=192.168.1.1 to-ports=53 protocol=tcp dst-port=53
add chain=dstnat action=dst-nat to-addresses=192.168.1.1 to-ports=53 protocol=udp dst-port=53

Only UDP is required, I guess.
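
A LAN-scoped version of the DNS and proxy rules above, as an added example that is not part of the original post: without an interface or source match, the dstnat rules match packets arriving on any interface, including the uplink, and the resolver and web proxy answer anyone who can reach the router. The interface names ether1-wan and ether2-lan and the 192.168.1.0/24 subnet are assumptions, and 192.168.1.1 is taken to be the router's LAN address.

```routeros
# Added example, not from the original post.
# Assumed names: ether1-wan (uplink), ether2-lan (client side),
# LAN subnet 192.168.1.0/24, router LAN address 192.168.1.1.

# 1. The router resolves through the OpenDNS servers listed in the post
#    and answers queries from clients.
/ip dns
set servers=208.67.222.123,208.67.220.123 allow-remote-requests=yes

# 2. Redirect DNS from LAN clients only. Both rules are kept because
#    DNS uses TCP as well as UDP on port 53.
/ip firewall nat
add chain=dstnat action=dst-nat in-interface=ether2-lan \
    src-address=192.168.1.0/24 protocol=udp dst-port=53 \
    to-addresses=192.168.1.1 to-ports=53 comment="force LAN DNS (udp)"
add chain=dstnat action=dst-nat in-interface=ether2-lan \
    src-address=192.168.1.0/24 protocol=tcp dst-port=53 \
    to-addresses=192.168.1.1 to-ports=53 comment="force LAN DNS (tcp)"

# 3. Redirect HTTP from LAN clients only to the web proxy on port 8080.
add chain=dstnat action=redirect in-interface=ether2-lan \
    src-address=192.168.1.0/24 protocol=tcp dst-port=80 \
    to-ports=8080 comment="LAN HTTP to web proxy"

# 4. Drop DNS and proxy connections that arrive on the uplink, so the
#    router is neither an open resolver nor an open proxy.
/ip firewall filter
add chain=input action=drop in-interface=ether1-wan protocol=udp \
    dst-port=53 comment="no DNS from WAN (udp)"
add chain=input action=drop in-interface=ether1-wan protocol=tcp \
    dst-port=53,8080 comment="no DNS or proxy from WAN (tcp)"
```

New filter rules are appended to the end of the list, so move the two drop rules above any accept rule in the input chain that would match the same traffic.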

Regards,
Silicon Care
