Most of the people in my family use Webkinz, especially the little kinz. My involvement is to provide Internet access only to the Webkinz site for one of the computers on our little home network. I’m accomplishing that by attaching the machine in question via a separate subnet to our always-on server. That is, the server has two Ethernet cards, each with a network address on a different subnet. Through one card it lives on the primary subnet in our home, and through the other it’s attached to the limited-access Webkinz machine. This should be possible with most any operating system.
On that always-on server, I run Squid (which you can Google if you want more information). Following the documentation, I’ve set up Squid to be a caching proxy for the limited-access subnet, and have set up the access rules such that only Webkinz servers can be accessed, and only within a certain window of time. Then, the web browser on the limited-access machine can be set up to get to the Web via the proxy server. All of these machines are running Linux, so in the always-on server, it’s important to turn IP Forwarding off. That prevents it from allowing all traffic from the restricted network online. The result is that only Web requests allowed by the Squid restrictions ever reach the Internet.
The real challenge is to figure out what servers Webkinz uses to provide their online experience. There are many. According to this FAQ, a list of eleven IP addresses will suffice to allow access to Webkinz. (Click the question about Parental Control software.)
Complaints from household Webkinz users have shown that this list is not complete. Looking at the Squid access log, I can find the IP addresses to which access has been denied. Adding those to the list has usually resolved any problems with Webkinz world. Occasionally, however, Webkinz experiences glitches of its own, which can be identified by a lack of corresponding “DENIED” records in the Squid access log.
As of this date, my expanded list of Webkinz servers for Squid is as follows:
126.96.36.199/32 188.8.131.52/32 184.108.40.206/32 220.127.116.11/32 18.104.22.168/32 22.214.171.124/32 126.96.36.199/32 188.8.131.52/32 184.108.40.206/32 220.127.116.11/32 18.104.22.168/32 22.214.171.124/32 126.96.36.199/32 188.8.131.52/32 184.108.40.206/32 220.127.116.11/32
The /32 after each “dotted-quad” specifies how many bits in the IP address are significant. Since we’re talking about individual servers here, all of the bits are significant.