MSN allow for specific user

Protecting your Linux box

MSN allow for specific user

Postby majidnazeer » Fri Dec 01, 2006 3:41 pm

Hi All!

MSN is blocked on my network. I want to allow MSN for one user (Manager) only. Others should not be able to use MSN.


Thanks
majidnazeer
Naik
 
Posts: 60
Joined: Wed Oct 05, 2005 12:37 pm

Re: MSN allow for specific user

Postby kbukhari » Fri Dec 01, 2006 4:25 pm

majidnazeer wrote:Hi All!

MSN is blocked on my network. I want to allow MSN for one user (Manager) only. Others should not be able to use MSN.




Thanks

First, tell us how you are blocking MSN?
--
Syed Kashif Ali Bukhari
+92-345-8444420
http://sysadminsline.com
http://kashifbukhari.com
kbukhari
Major General
 
Posts: 1222
Joined: Sat Dec 31, 2005 12:29 am
Website: http://kashifbukhari.com
Location: Lahore

Re:

Postby LinuxFreaK » Fri Dec 01, 2006 5:22 pm

Dear majidnazeer,
Salam,

If you are blocking MSN by using Squid, then you should take a look at this.

Code:

acl msn url_regex -i gateway.dll
acl farrukh src 192.168.0.9
http_access deny msn
http_access allow farrukh msn


If you are using iptables then you should RTM :)

FYI, http://www.netfilter.org

Best Regards.
Farrukh Ahmed
LinuxFreaK
Site Admin
 
Posts: 5132
Joined: Fri May 02, 2003 10:24 am
ICQ: 82075802
Website: http://www.linuxpakistan.net/wiki/index.php?pagename=LinuxFreak
WLM: f4fahmed@hotmail.com
Yahoo Messenger: f4fahmed@yahoo.com
AOL: linuxpakistan@aol.com
Location: Karachi

MSN allow for specific user

Postby majidnazeer » Fri Dec 01, 2006 6:40 pm

Dear Farrukh!

I block MSN through iptables. I block the MSN port.
iptables -I INPUT -p tcp --dport 1863 -j DROP

Everybody is blocked.

When I use these ACLs

acl msn url_regex -i gateway.dll
acl farrukh src 192.168.0.9
http_access deny msn
http_access allow farrukh msn


nobody can get access, because the MSN port is blocked. When I remove this rule

iptables -I INPUT -p tcp --dport 1863 -j DROP

then everybody can connect to MSN. Any more help, please.


Thanks
Majid
majidnazeer
Naik
 
Posts: 60
Joined: Wed Oct 05, 2005 12:37 pm

Postby lambda » Fri Dec 01, 2006 10:08 pm

like he said, read the iptables manual. the answer you seek is

Code:

iptables -A INPUT -p tcp -s 192.168.your.manager --dport 1863 -j ACCEPT

placed before your rule to block all msn traffic, of course.

you won't get very far in life without depending on the wisdom of others, but you definitely won't get anywhere without developing wisdom of your own. read the documentation for the software you use. your job depends on it.
lambda
Major General
 
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Website: http://www.hungry.com/~fn/
Location: Lahore

MSN allow for specific user

Postby majidnazeer » Sat Dec 02, 2006 9:25 am

I already did this.
iptables -A INPUT -p tcp -s 192.168.your.manager --dport 1863 -j ACCEPT


But MSN accessed from this ip.

Thanks
majidnazeer
Naik
 
Posts: 60
Joined: Wed Oct 05, 2005 12:37 pm

Re: MSN allow for specific user

Postby LinuxFreaK » Sat Dec 02, 2006 10:17 am

Dear majidnazeer,
Salam,

Try this rule.

# iptables -t nat -A PREROUTING -s 192.168.your.manager -p tcp --dport 1863 -j ACCEPT

Best Regards.
Farrukh Ahmed
LinuxFreaK
Site Admin
 
Posts: 5132
Joined: Fri May 02, 2003 10:24 am
ICQ: 82075802
Website: http://www.linuxpakistan.net/wiki/index.php?pagename=LinuxFreak
WLM: f4fahmed@hotmail.com
Yahoo Messenger: f4fahmed@yahoo.com
AOL: linuxpakistan@aol.com
Location: Karachi

MSN allow for specific user

Postby majidnazeer » Sat Dec 02, 2006 10:52 am

I use this rule in my rc.local.
iptables -A INPUT -p tcp -s 192.168.0.1 --dport 1863 -j ACCEPT
iptables -A FORWARD -p tcp --dport 1863 -j DROP


I tried moving the rules up and down: first I drop, then I allow the specific IP, but the specific IP could not get access. Any more help, please.

I tried this too.
iptables -t nat -A PREROUTING -s 192.168.0.1 -p tcp --dport 1863 -j ACCEPT


could not be access till
majidnazeer
Naik
 
Posts: 60
Joined: Wed Oct 05, 2005 12:37 pm

Re: MSN allow for specific user

Postby sohaileo » Sun Dec 03, 2006 1:14 pm

Dear majid

Use FORWARD instead of INPUT

Change
iptables -A INPUT -p tcp -s 192.168.0.1 --dport 1863 -j ACCEPT

To


iptables -A FORWARD -p tcp -s 192.168.0.1 --dport 1863 -j ACCEPT

Regards,

majidnazeer wrote:I use this rule in my rc.local.
iptables -A INPUT -p tcp -s 192.168.0.1 --dport 1863 -j ACCEPT
iptables -A FORWARD -p tcp --dport 1863 -j DROP


I tried moving the rules up and down: first I drop, then I allow the specific IP, but the specific IP could not get access. Any more help, please.

I tried this too.
iptables -t nat -A PREROUTING -s 192.168.0.1 -p tcp --dport 1863 -j ACCEPT


could not be access till
Sohail Riaz, RHCE
HPC Consultant
Email : sohaileo@gmail.com, riazsx@aramco.com
Web : http://www.sohailriaz.com
sohaileo
Naik
 
Posts: 54
Joined: Mon Dec 26, 2005 1:43 pm
Website: http://www.fastadmins.com
WLM: sohaileo@hotmail.com
Yahoo Messenger: sohaileo79@yahoo.com
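The replies above turn on two iptables facts: rules in a chain are checked top to bottom with the first match deciding, and packets routed through the box traverse FORWARD rather than INPUT. The following is an added example, not code from any poster; it models only those two facts, using the commands quoted in the thread plus a constructed `-I` variant and a constructed staff IP, and it assumes MSN traffic is routed through the box with a default ACCEPT policy.

```python
import shlex

# Manager IP and the first three commands are from the thread; the staff IP and
# the -I variant are constructed. Assumes MSN traffic is routed through the box.
MANAGER, STAFF = "192.168.0.1", "192.168.0.20"
RC_LOCAL = [
    "iptables -A INPUT -p tcp -s 192.168.0.1 --dport 1863 -j ACCEPT",
    "iptables -A FORWARD -p tcp --dport 1863 -j DROP",
]
APPENDED = RC_LOCAL + ["iptables -A FORWARD -p tcp -s 192.168.0.1 --dport 1863 -j ACCEPT"]
INSERTED = RC_LOCAL + ["iptables -I FORWARD -p tcp -s 192.168.0.1 --dport 1863 -j ACCEPT"]

def load(commands):
    """Build per-chain rule lists from 'iptables -A|-I CHAIN ...' lines."""
    chains = {"INPUT": [], "FORWARD": []}
    for cmd in commands:
        args = iter(shlex.split(cmd)[1:])
        rule = {"src": None, "dport": None, "target": None}
        for arg in args:
            if arg in ("-A", "-I"):
                op, chain = arg, next(args)
            elif arg == "-s":
                rule["src"] = next(args)
            elif arg == "--dport":
                rule["dport"] = int(next(args))
            elif arg == "-j":
                rule["target"] = next(args)
            elif arg == "-p":
                next(args)  # protocol: only tcp appears in the thread
        # -A appends to the end of the chain; -I without an index inserts at the top.
        position = len(chains[chain]) if op == "-A" else 0
        chains[chain].insert(position, rule)
    return chains

def verdict(chains, src, dport, forwarded=True, policy="ACCEPT"):
    """Return the target of the first matching rule, else the chain policy."""
    # Packets routed through the box traverse FORWARD; INPUT only sees packets
    # addressed to the box itself.
    for rule in chains["FORWARD" if forwarded else "INPUT"]:
        if rule["src"] in (None, src) and rule["dport"] in (None, dport):
            return rule["target"]
    return policy  # assumed default policy

if __name__ == "__main__":
    for name, cmds in (("rc.local", RC_LOCAL), ("appended", APPENDED), ("inserted", INSERTED)):
        table = load(cmds)
        print(name, verdict(table, MANAGER, 1863), verdict(table, STAFF, 1863))
```

In this model an ACCEPT appended after the existing FORWARD DROP is never reached, while the same rule placed ahead of the DROP lets the manager through and still drops everyone else.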

MSN allow for specific user

Postby majidnazeer » Mon Dec 04, 2006 11:44 am

Dear Farrukh, Sohail Riaz & all others!

I tried this too, but that IP could not get access.

iptables -A FORWARD -p tcp -s 192.168.0.1 --dport 1863 -j ACCEPT


I solved that problem through ACLs.

acl msn url_regex -i gateway.dll
acl msn1 src 192.168.0.1
http_access allow msn1 msn


With the above ACL I can connect to MSN from the specific IP.

Thanks to all of you.
majidnazeer
Naik
 
Posts: 60
Joined: Wed Oct 05, 2005 12:37 pm

Allow MSN to Specified Users

Postby anjoyia » Thu May 29, 2008 5:36 pm

Dear All


Please follow the following procedure to exclude some users from MSN blocking.

Considering 192.168.1.5 is the manager's IP.

acl msnAllowed src 192.168.1.5
acl msnDLL url_regex -i gateway.dll

http_access deny msnDLL !msnAllowed


Please write to me if you have any issues. It is tested on my network and working very fine.
anjoyia
Cadet
 
Posts: 1
Joined: Sun Nov 03, 2002 7:15 am
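Squid checks http_access lines in order, requires every ACL on a line to match, and stops at the first matching line, which is why the three ACL variants posted in this thread behave differently. The following is an added example, not code from any poster: a small model of that evaluation run over the thread's rule sets, with ACL names unified. The LAN range, the staff IP, both URLs and the trailing `allow localnet` / `deny all` lines are assumptions.

```python
import ipaddress
import re

# Constructed values: the manager IP is the one used in the first reply; the LAN
# range, the staff IP, both URLs and the trailing rules in TAIL are assumptions.
MANAGER, STAFF = "192.168.0.9", "192.168.0.20"
LAN = ipaddress.ip_network("192.168.0.0/24")
MSN_URL = "http://msn-gateway.example/gateway/gateway.dll?Action=poll"
WEB_URL = "http://www.example.com/"
TAIL = ["allow localnet", "deny all"]

ACLS = {  # name -> predicate(client_ip, url)
    "msn": lambda ip, url: re.search(r"gateway.dll", url, re.I) is not None,
    "manager": lambda ip, url: ip == MANAGER,
    "localnet": lambda ip, url: ipaddress.ip_address(ip) in LAN,
    "all": lambda ip, url: True,
}

RULESETS = {  # lines from the thread, plus the first reply's lines reordered
    "deny_first": ["deny msn", "allow manager msn"],
    "allow_only": ["allow manager msn"],
    "allow_then_deny": ["allow manager msn", "deny msn"],
    "negated_deny": ["deny msn !manager"],
}

def http_access(rules, ip, url):
    """Walk http_access lines in order and return 'allow' or 'deny'."""
    last = None
    for line in rules:
        last, *names = line.split()
        # All ACLs on one line must match (AND); a leading '!' negates an ACL.
        if all(ACLS[n.lstrip("!")](ip, url) != n.startswith("!") for n in names):
            return last  # the first matching line decides
    # No line matched: Squid uses the opposite of the last line (deny if none).
    return "allow" if last == "deny" else "deny"

def verdicts(name):
    """Verdicts for manager/staff on the MSN gateway URL and an ordinary URL."""
    rules = RULESETS[name] + TAIL
    return {f"{who}-{what}": http_access(rules, ip, url)
            for who, ip in (("manager", MANAGER), ("staff", STAFF))
            for what, url in (("msn", MSN_URL), ("web", WEB_URL))}

if __name__ == "__main__":
    for name in RULESETS:
        print(f"{name:16}", verdicts(name))
```

Under these assumptions, `deny_first` blocks the manager as well, `allow_only` lets staff reach the gateway URL through the later `allow localnet` line, and the last two rule sets allow only the manager.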

Postby x2oxen » Sat May 31, 2008 11:51 am

Did you try this rule for blocking

Code:

iptables -I INPUT -p tcp -s ! 192.168.your.manager --dport 1863 -j DROP


instead of

Code:

iptables -I INPUT -p tcp --dport 1863 -j DROP

Muhammad Usman
+92-321-6640501
Chemonics International
http://usmanpk.com
x2oxen
Major General
 
Posts: 1114
Joined: Wed Aug 22, 2007 3:17 pm
Website: http://usmanpk.com
WLM: x2oxen@hotmail.com
Yahoo Messenger: x2oxen
Location: Faisalabad

Postby nomankhn » Sat May 31, 2008 7:59 pm

lol.

Everybody is unblocking the manager; what about the CEO and other staff? Only the manager is the main person in your company, or your company has just two persons: you and the manager.

Regards,
Noman Liaquat
nomankhn
Colonel
 
Posts: 714
Joined: Wed Aug 07, 2002 8:00 pm

