On 12/16/07, Dinesh Joshi <[EMAIL PROTECTED]> wrote:
> On 12/13/07, Agnello George <[EMAIL PROTECTED]> wrote:
> > How do I block a client from accessing Yahoo chat?
> > My current setup is as follows -- I have a firewall and behind it have
> > a proxy server running on port 3128.
> >
> > Now to block Yahoo chat access I did the following in my squid.conf
>
> I'm a little late in replying. The best way to set up access control is
> to start with a completely closed firewall and proxy. Open the ports
> you require and set up port redirection 80 -> 3128 (if Squid is
> running as a transparent proxy). Then open only THOSE services in Squid
> which you require. Also remember NOT to NAT the machines or put ANY
> machine in the DMZ.
>

Sorry for the late reply on this. I did exactly what everyone was
suggesting: blocking all the ports and enabling only those ports
that we require (80, 8080, 21, 22, 443). By doing so we
automatically block gtalk, Yahoo chat and MSN Messenger.
Here is what I did:

iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
iptables -A INPUT -p tcp -m multiport --dports 21,22,80,8080,443 -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A PREROUTING -i eth2 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128

This is all great, but I have one IM client installed on my system
called "pidgin". I am able to log in there when it is configured for Yahoo
Messenger.

Does anyone have any idea why this happens?


-- 
Agnello . G .Dsouza
email : [EMAIL PROTECTED]
           [EMAIL PROTECTED]

www.linux-vashi.blogspot.com
www.study-the-word.blogspot.com
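
The "open only THOSE services in squid" step from the quoted advice, sketched as squid.conf access rules. This is an added example, not configuration from the thread: the ports are the ones listed in the message, while the client subnet 192.168.1.0/24 and the domain .im-service.example are placeholders to replace with real values.

```conf
# Added example, not from the original thread.
# Proxy port from the message. For transparent mode add the interception
# flag: "transparent" in Squid 2.6/3.0, "intercept" from 3.1 onwards.
http_port 3128

# Assumption: the LAN clients live in this subnet.
acl localnet src 192.168.1.0/24

# Destination ports the proxy may reach. Port 22 from the firewall list is
# left out on purpose: SSH is not an HTTP service and should not be proxied.
acl Safe_ports port 21 80 443 8080

# CONNECT opens a raw TCP tunnel through the proxy, so it is limited to the
# one port that needs it (HTTPS).
acl SSL_ports port 443
acl CONNECT method CONNECT

# Port rules cannot tell services apart when they share an allowed port,
# so unwanted services are also denied by destination domain.
# Placeholder domain: replace with the hostnames seen in access.log.
acl blocked_im dstdomain .im-service.example

# Order matters: the first matching http_access line wins.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny blocked_im
http_access allow localnet
http_access deny all
```

After editing, `squid -k parse` checks the file for syntax errors and `squid -k reconfigure` reloads it; denied requests then show up as TCP_DENIED in access.log.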