Koozali.org: home of the SME Server

Legacy Forums => Experienced User Forum => Topic started by: Ed on November 09, 2003, 12:42:29 AM

Title: Blocking messenger on 6b3
Post by: Ed on November 09, 2003, 12:42:29 AM
I have searched the forums and how-to's and there doesn't seem to be anything on this topic.

I am running a home server based on SME 6b3 and would like to totally block some services, such as MSN Messenger, AOL, etc. I used the port closing add-on when I was running 5.6, but there doesn't seem to be an add-in for this function on version 6. (Unless there is a way to do this using the port forwarding feature built-in to 6b3, and I'm too dense to figure it out).

Can someone give me a hint where to look? I am only moderately conversant with linux, masq, and all that stuff but could follow a recipe if given one, or figure it out if there's a reasonable explanation.

Regards
Ed
Title: Re: Blocking messenger on 6b3
Post by: Guck Puppy on November 09, 2003, 01:05:44 AM
Ed wrote:
>
> I have searched the forums and how-to's and there doesn't
> seem to be anything on this topic.

http://www.e-smith.org/bboard/search.php?search=block+messenger&f=0&match=1&date=0&fldsubject=1&fldbody=1

Did you search for longer than 30 days?

G
Title: Re: Blocking messenger on 6b3
Post by: Ed on November 09, 2003, 06:13:55 AM
Yes, I did that search - and you'll notice that none of them are specific to 6.0b3, they mostly cover 5.x, which I understand uses a different technique.

Ed
Title: Re: Blocking messenger on 6b3
Post by: Lloyd Keen on November 09, 2003, 04:07:36 PM
#mkdir -p /etc/e-smith/templates-custom/etc/squid/squid.conf
#cd /etc/e-smith/templates-custom/etc/squid/squid.conf
#mcedit 20ACL50blockmessenger
add the following:
acl blockmessenger dstdom_regex passport
#mcedit 40http_access05blockmessenger
add the following:
http_access deny blockmessenger
#/sbin/e-smith/expand-template /etc/squid/squid.conf
#/etc/rc.d/init.d/squid restart
Title: Re: Blocking messenger on 6b3
Post by: Guck Puppy on November 09, 2003, 10:42:36 PM
Ed wrote:

> Yes, I did that search - and you'll notice that none of them
> are specific to 6.0b3, they mostly cover 5.x, which I
> understand uses a different technique.

I know 5.5 uses ipchains whilst 5.6 uses iptables... what's different from 5.6 to 6.0b3 (which also uses iptables)?

G
Title: Re: Blocking messenger on 6b3
Post by: Harold on November 10, 2003, 01:38:09 AM
Guck Puppy wrote:

> I know 5.5 uses ipchains whilst 5.6 uses iptables... what's
> different from 5.6 to 6.0b3 (which also uses iptables)?

You might read the RELEASE-NOTES.txt file...

H
Title: Re: Blocking messenger on 6b3
Post by: Guck Puppy on November 10, 2003, 01:51:46 AM
> Guck Puppy wrote:
> > I know 5.5 uses ipchains whilst 5.6 uses iptables... what's
> > different from 5.6 to 6.0b3 (which also uses iptables)?

Harold wrote:
> You might read the RELEASE-NOTES.txt file...

Fair enough, I went and read it from:
http://www.ibiblio.org/pub/linux/distributions/e-smith/dev/6.0dev/RELEASE-NOTES.txt

I'd really appreciate it if you would point out which note refers to this "different technique" with regards to the firewall in 6.0 vs 5.6 - my ignorance apparently overwhelms me.

Thanks for your help,

G
Title: Re: Blocking messenger on 6b3
Post by: Alejandro Lengua on November 10, 2003, 02:15:40 AM
Lloyd Keen wrote:
>
> #mkdir -p /etc/e-smith/templates-custom/etc/squid/squid.conf
> #cd /etc/e-smith/templates-custom/etc/squid/squid.conf
> #mcedit 20ACL50blockmessenger
> add the following:
> acl blockmessenger dstdom_regex passport
> #mcedit 40http_access05blockmessenger
> add the following:
> http_access deny blockmessenger
> #/sbin/e-smith/expand-template /etc/squid/squid.conf
> #/etc/rc.d/init.d/squid restart


Are you sure that this works?
I have implemented this, but messenger still works...
Title: Re: Blocking messenger on 6b3
Post by: Harold on November 10, 2003, 04:41:09 AM
Guck Puppy wrote:

> I'd really appreciate it if you would point out which note
> refers to this "different technique" with regards to the
> firewall in 6.0 vs 5.6 - my ignorance apparently overwhelms me.

Nobody said there was a difference 6.0 v 5.6. Ed was sloppy when he said 5.x. He should have said "5.5 and earlier".

H.
Title: Re: Blocking messenger on 6b3
Post by: Alejandro Lengua on November 10, 2003, 04:45:55 PM
I finally figured out how to block messengers, Kazaa and so on.

It was something like:
....... Iptables -I -forward xxxxx   REJECT

I will post my complete config later; however, I have a question: why did I have to use iptables -I instead of iptables -A?

The iptables -A commands didn't block the messengers' connections to their servers.

BTW, you have to block direct connections to the servers; blocking ports is not enough, because it seems that they can connect using common ports such as HTTP (80) and SMTP (25), as Yahoo Messenger does.
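
An added example (not part of any poster's configuration) that models first-match rule evaluation, to show why an appended (-A) REJECT can sit behind an earlier ACCEPT while an inserted (-I) one takes effect, and why a destination-based rule still holds when a client falls back to port 80. It assumes the FORWARD chain already begins with an ACCEPT for LAN traffic. All addresses are constructed, and 1863/tcp (MSN Messenger's native port) is not taken from the thread.

```python
from ipaddress import ip_address, ip_network

# Constructed values: 192.168.1.0/24 is the assumed LAN; 203.0.113.0/24 is a
# documentation prefix standing in for the messenger servers' address range.
LAN = ip_network("192.168.1.0/24")
IM_SERVERS = ip_network("203.0.113.0/24")
ANY = ip_network("0.0.0.0/0")

def rule(target, src=ANY, dst=ANY, dport=None):
    return {"target": target, "src": src, "dst": dst, "dport": dport}

def base_chain():
    # Assumption: a pre-existing FORWARD rule lets the LAN reach anything.
    return [rule("ACCEPT", src=LAN)]

def append(chain, r):   # models: iptables -A FORWARD ...
    return chain + [r]

def insert(chain, r):   # models: iptables -I FORWARD ... (position 1 by default)
    return [r] + chain

def verdict(chain, src, dst, dport, policy="DROP"):
    """Walk the chain top-down; the first matching rule decides the packet."""
    for r in chain:
        if (ip_address(src) in r["src"] and ip_address(dst) in r["dst"]
                and r["dport"] in (None, dport)):
            return r["target"]
    return policy

def demo():
    client, server = "192.168.1.20", "203.0.113.10"
    by_dst = rule("REJECT", dst=IM_SERVERS)   # block the servers themselves
    by_port = rule("REJECT", dport=1863)      # block only the native port
    return {
        "append_dst": verdict(append(base_chain(), by_dst), client, server, 1863),
        "insert_dst": verdict(insert(base_chain(), by_dst), client, server, 1863),
        "insert_port_native": verdict(insert(base_chain(), by_port), client, server, 1863),
        "insert_port_http": verdict(insert(base_chain(), by_port), client, server, 80),
        "insert_dst_http": verdict(insert(base_chain(), by_dst), client, server, 80),
        "other_site": verdict(insert(base_chain(), by_dst), client, "198.51.100.5", 80),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:20s} {result}")
```

On a live system, `iptables -L FORWARD -n -v --line-numbers` shows the actual rule order and per-rule packet counters, which confirms whether a given rule is ever reached.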
Title: Re: Blocking messenger on 6b3
Post by: Ed on November 14, 2003, 05:20:56 AM
>Ed was sloppy when he said 5.x. He should have said "5.5 and earlier".


Not sloppy, ignorant. ("Never attribute to malice that which can be blamed on incompetence" - Napoleon).

Does this mean that the existing port blocking rpm for 5.6 will work on 6.0 also?

Ed
Title: Re: Blocking messenger on 6b3
Post by: Jon R on December 17, 2003, 06:59:48 PM
Alejandro Lengua wrote:

> I finally figured out how to block messengers, Kazaa and so
> on.
> <...>
> I will post my complete config later, ......

Alejandro,

I'm looking to block both Messenger and Kazaa and would be grateful for any solution you already have working. Thanks