File sharing programs like kazaa, limewire, imesh and others can be blocked by _not_ using "NAT" at all. Well, if you can handle proxying all your services (http, https, ftp, irc, etc...) :)

/jett

On Thu, 2004-12-16 at 02:55, Jefferson Ogata wrote:
> Amadeus Stevenson wrote:
> > I had to block ports > 1024 because of various file sharing programs
> > which would use whatever ports they could to share files and suck up
> > the bandwidth of the internet connection.
>
> You didn't say in which direction you blocked these ports.
>
> > This also blocked FTP working properly.
> >
> > Reading the above information it would seem that there's no way to
> > block file sharing while letting FTP clients work properly, as both
> > rely on random port numbers > 1024.
>
> There's practically no way to block file sharing and still have an
> Internet connection. The file sharing protocols are extremely creative
> about finding whatever path you leave open. They'll use port 80 if they
> have to.
>
> It's better not to try to block file sharing, but to throttle it using
> some form of qos on those ports. If you block, the file sharing programs
> will just hunt until they find open ports. If you throttle, they'll just
> think you have a slow connection.
>
> > Is my thinking correct? Can anyone think of a solution to this problem?
>
> The solution to your problem isn't found in the firewall. It's found in
> establishing policies about Internet use and then enforcing them, by
> firing people if necessary.
