Hi Lemor,

On Wed, 2004-01-28 at 08:23, Lemor wrote:
> fe. like Kazaa?

There are a number of things that are easy to block, such as web traffic, SMTP traffic, web traffic to a particular IP address or network, most IRC servers and so on.

There are a number of things that are much harder to block, such as MSN Messenger, Kazaa, Yahoo! Messenger, and so on. The reason this second class of protocols/applications is harder to block is that they have been designed to get around firewalls by dropping back to an often-used port - normally the HTTP port, port 80 - if their default port range is blocked. This makes these next to impossible to block with a simple port filter such as that in m0n0wall, SmoothWall, IPCop, and anything else using this method.

There are a number of applications - mainly squidGuard and DansGuardian (also sold as SmoothGuardian/Corporate Guardian) - that can be run on your squid proxy server to assist in blocking these types of traffic, and other forms of traffic such as advertising etc. As m0n0wall is not a web cache (it doesn't run squid), then you will need to have an internal machine that runs squid, that is configured to block traffic on port 80 to these destinations.

Basically, and unfortunately, it is not that easy to block these services.

--
Regards,

Hilton Travis                  Email: Hilton at QuarkAV dot com
Manager, Quark AudioVisual     Phone: +61-(0)7-3343-3889
Quark Computers                Phone: +61-(0)419-792-394
(Brisbane, Australia)          http://www.QuarkAV.com/

Open Source Projects:
http://www.ares-desktop.org/
http://www.mamboband.org/

Non Linear Video Editing Solutions & Digital Audio Workstations
Network Administration, SmoothWall Firewalls, NOD32 AntiVirus
Conference and Seminar AudioVisual Production and Recording

War doesn't determine who is right. War determines who is left.
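
The port fallback described in the message above, modelled as an added example (not part of the original e-mail): a port-only filter is compared with the same filter plus a proxy that parses the request on port 80. Port 1214 and the X-Kazaa- header prefix are assumptions not stated in the message, and all sample requests are constructed.

```python
from dataclasses import dataclass

BLOCKED_PORTS = {1214}                    # assumed default port of the P2P client
BLOCKED_HEADER_PREFIXES = ("x-kazaa-",)   # assumed application-specific header prefix


@dataclass
class Attempt:
    dst_port: int
    payload: bytes   # first bytes the client sends on the connection


def port_filter_allows(a: Attempt) -> bool:
    """Layer-4 decision: only the destination port is visible."""
    return a.dst_port not in BLOCKED_PORTS


def proxy_allows(a: Attempt) -> bool:
    """Layer-7 decision of a proxy that all outbound port-80 traffic must pass."""
    head = a.payload.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return False   # not an HTTP request: the proxy cannot forward it
    for line in lines[1:]:
        name = line.split(":", 1)[0].strip().lower()
        if name.startswith(BLOCKED_HEADER_PREFIXES):
            return False
    return True


def first_success(attempts, *checks):
    """Port of the first attempt that passes every check, or None if all fail."""
    for a in attempts:
        if all(check(a) for check in checks):
            return a.dst_port
    return None


# Constructed sample traffic (addresses are documentation ranges).
P2P_REQ = b"GET /file HTTP/1.1\r\nHost: 192.0.2.10\r\nX-Kazaa-Network: KaZaA\r\n\r\n"
WEB_REQ = b"GET /index.html HTTP/1.1\r\nHost: www.example.org\r\n\r\n"
P2P_CLIENT = [Attempt(1214, P2P_REQ), Attempt(80, P2P_REQ)]   # default port, then fallback
BROWSER = [Attempt(80, WEB_REQ)]

if __name__ == "__main__":
    print("port filter only, P2P:", first_success(P2P_CLIENT, port_filter_allows))
    print("filter + proxy, P2P:", first_success(P2P_CLIENT, port_filter_allows, proxy_allows))
    print("filter + proxy, browser:", first_success(BROWSER, port_filter_allows, proxy_allows))
```

The proxy check only helps if the firewall refuses direct outbound port 80 from clients, so that every web request has to go through the internal squid machine.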