Most of the people in my family use Webkinz, especially the little kinz. My involvement is to provide Internet access only to the Webkinz site for one of the computers on our little home network. I’m accomplishing that by attaching the machine in question via a separate subnet to our always-on server. That is, the server has two Ethernet cards, each with a network address on a different subnet. Through one card it lives on the primary subnet in our home, and through the other it’s attached to the limited-access Webkinz machine. This should be possible with most any operating system.
On that always-on server, I run Squid (which you can Google if you want more information). Following the documentation, I’ve set up Squid to be a caching proxy for the limited-access subnet, and have set up the access rules such that only Webkinz servers can be accessed, and only within a certain window of time. Then, the web browser on the limited-access machine can be set up to get to the Web via the proxy server. All of these machines are running Linux, so in the always-on server, it’s important to turn IP Forwarding off. That prevents it from allowing all traffic from the restricted network online. The result is that only Web requests allowed by the Squid restrictions ever reach the Internet.
The real challenge is to figure out what servers Webkinz uses to provide their online experience. There are many. According to this FAQ, a list of eleven IP addresses will suffice to allow access to Webkinz. (Click the question about Parental Control software.)
Complaints from household Webkinz users have shown that this list is not complete. Looking at the Squid access log, I can find the IP addresses to which access has been denied. Adding those to the list has usually resolved any problems with Webkinz world. Occasionally, however, Webkinz experiences glitches of its own, which can be identified by a lack of corresponding “DENIED” records in the Squid access log.
As of this date, my expanded list of Webkinz servers for Squid is as follows:
66.48.69.98/32
66.48.69.99/32
66.48.69.102/32
66.48.69.104/32
66.48.69.106/32
66.48.69.123/32
66.48.69.124/32
66.48.83.130/32
66.48.83.158/32
66.48.83.160/32
66.48.83.161/32
66.48.83.162/32
66.48.83.163/32
66.48.83.164/32
66.48.83.165/32
66.48.83.212/32
The /32 after each “dotted-quad” specifies how many bits in the IP address are significant. Since we’re talking about individual servers here, all of the bits are significant.
What in the world are webkinz? I looked them up on line, but I guess I am just to much of a non-techy to get it.
Mary
Webkinz are stuffed animal toys that also provide a login to a virtual world where kids can play games, send limited messages, and make contact with their friends. The virtual animal looks like the stuffed version. The kids are saving their pennies to collect them.
By the way, Mary, congratulations to you and your husband on your youngest blessing, who arrived since your last comment here.
Thanks. I was just struggling with DansGuardian vs. Webkinz. Hopefully this clears it up.
66.48.69.103 is active now too.
Aloha, I too have been strugglinh to get Webkinz to work via Squid proxy for my own kids. I had already added the .102 to a “whitelist” file I have, but that still didn’t work.
After adding in the IP list you have posted (including the .103 Jon posted) Webkinz works great now.
Nice to come across a fellow “geek” dad. I did my home network similarly, but not (if that makes any sense). I used a Windows network, complete with Active Directory and a nice little GPO to lock down their proxy settings and include the allowed websites in their favorites – they know that if a site isn’t in their favorites, they’re not going to it – plain and simple.
Thanks for the list – you just cleared one more dads headache. š