Solved

BLOCK MSN MESSENGER

Posted on 2004-11-02
773 Views
Last Modified: 2008-01-09
Hello Experts.

I have a user wich IP is 192.168.0.12 and gateway 192.168.0.4. I want block MSN Messenger for this user. I have a Gateway server (it does NAT 192.168.0.0/24 to 63.245.101.5). I'm using linux redhat 9.0. External interface (INTERNET) is eth0, internal is eth1 (LAN). I tried putting this in my FIREWALL script, just testing, but it doesn't block anything:

iptables -A FORWARD -p TCP --dport 1863 -j REJECT
iptables -A FORWARD -d 64.4.13.0/24 -j REJECT

How can i do, using iptables, to block MSN messenger for this specific user.???

Thanx.

0
Question by:rbraym
    5 Comments
     
    LVL 4

    Expert Comment

    by:bytta
    MSN messenger uses port 80 (http port) if the usual ports are not available.

    So unless you want to block all web access - this is a tough question...
    0
     

    Author Comment

    by:rbraym
    Thanks but i found the solution!!

    I just put these lines in my FIREWALL script and it worked!!

    iptables -t filter -A FORWARD -s 0.0.0.0/0 -d 0.0.0.0/0 -p tcp --sport 1863 -j ACCEPT
    iptables -t filter -I FORWARD -s 0.0.0.0/0 -d 192.168.0.12/255.255.255.255 -p tcp --sport 1863 -j DROP
    iptables -A FORWARD -s 192.168.0.12 -d messenger.hotmail.com -j DROP

    Thanks anyway.. i hope this help another one.

    RBrayM
    0
     
    LVL 4

    Expert Comment

    by:bytta
    I only replied so I can get access to the answer from "My Account"... Thanks.

    This is just one of many drawbacks of having a central server instead of local ones, like jabber.

    0
     
    LVL 5

    Expert Comment

    by:paranoidcookie
    OK what I do to block messanger is to run a cache server (squid) and a program called dans gaurdian which does content blocking. You can hen use dansgaurdian to block chat servers.
    I use iptables to run squid in transparent proxy mode so there is no client configuration and no way around the proxy.

    Take a look at

    http://www.squid-cache.org
    http://dansguardian.org/

    As a bonus using a proxy will speed up your interent connection!
    0
     

    Accepted Solution

    by:
    PAQed with points refunded (80)

    CetusMOD
    Community Support Moderator
    0

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Prepare to Pass the CompTIA A+ 900 Series Exam

    CompTIA aims to adapt its A+ Certification to reflect the most current knowledge and skills needed by today's IT professionals--and this year's 2016 exam is harder than ever. This certification is one of the most highly-respected and sought after in IT.

    I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
    Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
    Need more eyes on your posted question? Go ahead and follow the quick steps in this video to learn how to Request Attention to your question. *Log into your Experts Exchange account *Find the question you want to Request Attention for *Go to the e…
    Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

    934 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    8 Experts available now in Live!

    Get 1:1 Help Now