[ previous ] [ next ] [ threads ]
 From:  "C. Andrew Zook" <andrewzook at pdqlocks dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Killing all P2P traffic? How?
 Date:  Fri, 26 Jan 2007 06:38:53 -0500
Here is something I posted last week when talking about monitoring - it 
will work in your situation as well. It will even allow you to block by 
file type!


I prefer to use the combo of tinyproxy/dansguardian/srg

Tinyproxy is the proxy server
Dansguardian filters internet content
srg produces web based reports

It gives a really nice/basic web based text only report that will show 
you all of the sites that your users have surfed, and will arrange the 
users by total bandwidth/ip address. Dansguardian has the added benefit 
of running everything through Clamav to offer some virus protection.

All three are Debian/Ubuntu packages.

Set Tinyproxy to only accept connections from localhost
Point Dansguardian to the localhost Tinyproxy port
Set dansguardian to use a Squid format log file
Point srg to the /var/log/dansguardian/access.log
Block all internet access but Proxy server with M0n0wall
Either set web browsers to use proxy, or set up automatic browser 


Alex M wrote:
> Hi ppl!
> I decided that out users do toooooo much illegal downloading (at least that
> what I think, ppl cant just download 4.8Gb each day, and that # seams to be
> equal to the size of 1 DVD)
> So I'm looking for the way to block traffic from most known P2P clients. I
> think this is possible by blocking their ports, but a) I don't know all the
> ports b) ppl can change their port #s. So is there any easy way to deal with
> it? Maybe through traffic shaper set some how max speed to 1kbps? Also can
> we do some blocking per user base?
> Appreciate your suggestions!