Block protocols AH, ESP, GRE on LAN Interface and you should be fine preventing IPSEC and PPTP connections. No need to block ports here.

Holger Bauer

-----Original Message-----
From: Paul Taylor [mailto:PaulTaylor at winn dash dixie dot com]
Sent: Tuesday, October 11, 2005 15:43
To: Jim Naslund; m0n0wall at lists dot m0n0 dot ch
Subject: RE: [m0n0wall] Blocking Outgoing VPN Access

Jim,

It might be PPTP.. I think port 1723 is associated with that type of VPN traffic. If you are running 1.2b10 or 1.2, look under Diagnostics for the Firewall States while this person(s) is connected. This will let you see exactly who is using what traffic, including source and destination IP, ports (for TCP/UDP), protocol type, etc.

Armed with this information, it should be fairly easy to put a rule in place to block that traffic... (With a rule on the interface that the user is coming in on.)

Paul

-----Original Message-----
From: Jim Naslund [mailto:jnaslund at gmail dot com]
Sent: Tuesday, October 11, 2005 9:16 AM
To: m0n0wall at lists dot m0n0 dot ch
Subject: [m0n0wall] Blocking Outgoing VPN Access

Hi,

I'm trying to block VPN access from my network because people are connecting to a nearby campus with VPN and downloading through direct connect that way. I made a firewall rule that rejected UDP packets destined for port 500 but this did not prevent access. The VPN connection I'm trying to block uses IPSec. Any suggestions?

Jim
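The state-table check suggested in the thread can be scripted. This is an added example, not part of the original messages: it flags the protocols and ports named above in a state listing and groups them by LAN host. The line format, addresses and function names are assumptions constructed for illustration, not m0n0wall's actual output, and UDP 4500 (IPsec NAT traversal) is an addition not mentioned in the thread.

```python
import re
from collections import defaultdict

# Protocols named in the thread, by name or IP protocol number.
PROTO_LABELS = {
    "esp": "IPsec ESP", "50": "IPsec ESP",
    "ah": "IPsec AH", "51": "IPsec AH",
    "gre": "PPTP data (GRE)", "47": "PPTP data (GRE)",
}
# Ports named in the thread, plus UDP 4500 (NAT-T), which is an addition.
PORT_LABELS = {
    ("udp", 500): "IPsec IKE",
    ("udp", 4500): "IPsec NAT-T",
    ("tcp", 1723): "PPTP control",
}
# Assumed line format: "<proto> <src>[:<port>] -> <dst>[:<port>]"
LINE_RE = re.compile(r"^(\w+)\s+([\d.]+)(?::(\d+))?\s+->\s+([\d.]+)(?::(\d+))?$")

def classify(line):
    """Return (src, dst, label) if the state looks like VPN traffic, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    proto, src, _sport, dst, dport = m.groups()
    proto = proto.lower()
    label = PROTO_LABELS.get(proto)  # port-less tunnel protocols first
    if label is None and dport is not None:
        label = PORT_LABELS.get((proto, int(dport)))
    return (src, dst, label) if label else None

def vpn_users(lines):
    """Map each source host to the sorted (destination, label) pairs seen."""
    found = defaultdict(set)
    for line in lines:
        hit = classify(line)
        if hit:
            found[hit[0]].add((hit[1], hit[2]))
    return {src: sorted(pairs) for src, pairs in found.items()}

# Constructed sample state entries (documentation address ranges).
SAMPLE_STATES = """\
tcp 192.168.1.10:51234 -> 203.0.113.5:80
udp 192.168.1.23:500 -> 198.51.100.7:500
esp 192.168.1.23 -> 198.51.100.7
tcp 192.168.1.42:1045 -> 198.51.100.9:1723
gre 192.168.1.42 -> 198.51.100.9
udp 192.168.1.10:1027 -> 192.0.2.53:53
""".splitlines()

if __name__ == "__main__":
    for src, hits in vpn_users(SAMPLE_STATES).items():
        for dst, label in hits:
            print(f"{src} -> {dst}: {label}")
```
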