On 12/16/07, Dinesh Joshi dinesh.a.joshi@gmail.com wrote:
On 12/13/07, Agnello George agnello.dsouza@gmail.com wrote:
How do I block a client from accessing Yahoo chat? My current setup is as follows: I have a firewall and behind it a proxy server running on port 3128.
Now, to block Yahoo chat access, I did the following in my squid.conf
I'm a little late in replying. The best way to set up access control is to start with a completely closed firewall and proxy. Open the ports you require and set up port redirection 80 -> 3128 (if Squid is running as a transparent proxy). Then open only THOSE services in Squid which you require. Also remember NOT to NAT the machines or put ANY machine in the DMZ.
Sorry for the late reply on this. I did exactly what everyone was suggesting: blocking all the ports and enabling only those ports that we require (80, 8080, 21, 22, 443). By doing so we automatically block gtalk, Yahoo chat and MSN Messenger. Here is what I did:
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
iptables -A INPUT -p tcp -m multiport --dport 21,22,80,8080,443 -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A PREROUTING -i eth2 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
This is all great, but I have one IM installed on my system called "pidgin". I am able to log in here when it is configured for Yahoo Messenger.
Does anyone have any idea why this happens?