MSN allow for specific user

Protecting your Linux box
majidnazeer
Naik
Posts: 60
Joined: Wed Oct 05, 2005 12:37 pm

MSN allow for specific user

Post by majidnazeer »

Hi All!

MSN is blocked on my network. I want to allow MSN for one user (Manager) only. Others should not be able to use MSN.


Thanks
kbukhari
Major General
Posts: 1222
Joined: Sat Dec 31, 2005 12:29 am
Location: Lahore
Contact:

Re: MSN allow for specific user

Post by kbukhari »

majidnazeer wrote: Hi All!

MSN is blocked on my network. I want to allow MSN for one user (Manager) only. Others should not be able to use MSN.

Thanks

First, tell us how you are blocking MSN?
--
Syed Kashif Ali Bukhari
+92-345-8444420
http://sysadminsline.com
http://kashifbukhari.com
LinuxFreaK
Site Admin
Posts: 5132
Joined: Fri May 02, 2003 10:24 am
Location: Karachi
Contact:

Re:

Post by LinuxFreaK »

Dear majidnazeer,
Salam,

If you are blocking MSN by using Squid, then you should take a look at this.

acl msn url_regex -i gateway.dll
acl farrukh src 192.168.0.9
http_access deny msn 
http_access allow farrukh msn
If you are using iptables then you should RTM :)

FYI, http://www.netfilter.org

Best Regards.
Farrukh Ahmed
majidnazeer
Naik
Posts: 60
Joined: Wed Oct 05, 2005 12:37 pm

MSN allow for specific user

Post by majidnazeer »

Dear Farrukh!

I block MSN through iptables. I block MSN port.
iptables -I INPUT -p tcp --dport 1863 -j DROP

Everybody is blocked.

When I use these ACL
acl msn url_regex -i gateway.dll
acl farrukh src 192.168.0.9
http_access deny msn
http_access allow farrukh msn
everybody could not get access, because the MSN port is blocked. When I remove this rule

iptables -I INPUT -p tcp --dport 1863 -j DROP

then everybody can connect to MSN. Any more help, please.


Thanks
Majid
lambda
Major General
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Location: Lahore
Contact:

Post by lambda »

like he said, read the iptables manual. the answer you seek is

iptables -A INPUT -p tcp -s 192.168.your.manager --dport 1863 -j ACCEPT
placed before your rule to block all msn traffic, of course.

you won't get very far in life without depending on the wisdom of others, but you definitely won't get anywhere without developing wisdom of your own. read the documentation for the software you use. your job depends on it.
majidnazeer
Naik
Posts: 60
Joined: Wed Oct 05, 2005 12:37 pm

MSN allow for specific user

Post by majidnazeer »

I already do this.
iptables -A INPUT -p tcp -s 192.168.your.manager --dport 1863 -j ACCEPT
But MSN accessed from this ip.

Thanks
LinuxFreaK
Site Admin
Posts: 5132
Joined: Fri May 02, 2003 10:24 am
Location: Karachi
Contact:

Re: MSN allow for specific user

Post by LinuxFreaK »

Dear majidnazeer,
Salam,

Try this rule.

# iptables -t nat -A PREROUTING -s 192.168.your.manager -p tcp --dport 1863 -j ACCEPT

Best Regards.
Farrukh Ahmed
majidnazeer
Naik
Posts: 60
Joined: Wed Oct 05, 2005 12:37 pm

MSN allow for specific user

Post by majidnazeer »

I use this rule in my rc.local.
iptables -A INPUT -p tcp -s 192.168.0.1 --dport 1863 -j ACCEPT
iptables -A FORWARD -p tcp --dport 1863 -j DROP
I tried moving the rules up and down. First I drop, then allow the specific IP, but the specific IP could not get access. Any more help, please.

I tried this too.
iptables -t nat -A PREROUTING -s 192.168.0.1 -p tcp --dport 1863 -j ACCEPT
Still could not get access.
sohaileo
Naik
Posts: 54
Joined: Mon Dec 26, 2005 1:43 pm
Contact:

Re: MSN allow for specific user

Post by sohaileo »

Dear majid

Use FORWARD instead of INPUT

Change
iptables -A INPUT -p tcp -s 192.168.0.1 --dport 1863 -j ACCEPT

To


iptables -A FORWARD -p tcp -s 192.168.0.1 --dport 1863 -j ACCEPT

Regards,
majidnazeer wrote: I use this rule in my rc.local.
iptables -A INPUT -p tcp -s 192.168.0.1 --dport 1863 -j ACCEPT
iptables -A FORWARD -p tcp --dport 1863 -j DROP
I tried moving the rules up and down. First I drop, then allow the specific IP, but the specific IP could not get access. Any more help, please.

I tried this too.
iptables -t nat -A PREROUTING -s 192.168.0.1 -p tcp --dport 1863 -j ACCEPT
Still could not get access.
Sohail Riaz, RHCE
HPC Consultant
Email : sohaileo@gmail.com, riazsx@aramco.com
Web : http://www.sohailriaz.com
majidnazeer
Naik
Posts: 60
Joined: Wed Oct 05, 2005 12:37 pm

MSN allow for specific user

Post by majidnazeer »

Dear Farrukh, Sohail Riaz & all others!

I tried this too, but that IP could not get access.
iptables -A FORWARD -p tcp -s 192.168.0.1 --dport 1863 -j ACCEPT
I solved that problem through an ACL.
acl msn url_regex -i gateway.dll
acl msn1 src 192.168.0.1
http_access allow msn1 msn
With the above ACL I can connect to MSN from the specific IP.

Thanks to all of you.
anjoyia
Cadet
Posts: 1
Joined: Sun Nov 03, 2002 7:15 am

Allow MSN to Specified Users

Post by anjoyia »

Dear All


Please use the following procedure to exclude some users from MSN blocking.

Assume 192.168.1.5 is the manager's IP.

acl msnAllowed src 192.168.1.5
acl msnDLL url_regex -i gateway.dll

http_access deny msnDLL !msnAllowed


Please write to me if you have any issues. It is tested on my network and working very well.
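
Added example, not part of any post in this thread: a small Python model of how Squid walks http_access lines (top to bottom, first matching line decides), limited to the src and url_regex ACL types used above. It shows why the deny-first ordering posted earlier blocks the manager too, while the allow-first ordering and the "deny ... !manager" form do not. The helper names parse and decide, the client 192.168.0.20 and the URL are assumptions made for the example.

```python
import ipaddress
import re

def parse(conf):
    """Parse acl/http_access lines (only the src and url_regex ACL types)."""
    acls, rules = {}, []
    for parts in (line.split() for line in conf.splitlines()):
        if not parts:
            continue
        if parts[0] == "acl":
            name, kind, args = parts[1], parts[2], parts[3:]
            if kind == "src":
                nets = [ipaddress.ip_network(a, strict=False) for a in args]
                acls[name] = lambda req, nets=nets: any(
                    ipaddress.ip_address(req["src"]) in n for n in nets)
            elif kind == "url_regex":
                flags = re.I if "-i" in args else 0
                pats = [re.compile(p, flags) for p in args if p != "-i"]
                acls[name] = lambda req, pats=pats: any(
                    p.search(req["url"]) for p in pats)
            else:
                raise ValueError("unsupported acl type: " + kind)
        elif parts[0] == "http_access":
            rules.append((parts[1], parts[2:]))
    return acls, rules

def decide(conf, src, url):
    """Walk http_access top to bottom; the first matching line decides."""
    acls, rules = parse(conf)
    req = {"src": src, "url": url}
    for action, names in rules:
        # All ACLs on a line must match (AND); a leading "!" negates one.
        if all(acls[n.lstrip("!")](req) != n.startswith("!") for n in names):
            return action
    # Nothing matched: Squid takes the opposite of the last line's action.
    return "deny" if rules[-1][0] == "allow" else "allow"

# Constructed inputs: the thread's ACLs, 192.168.0.9 as the manager.
ACLS = "acl msn url_regex -i gateway.dll\nacl farrukh src 192.168.0.9\n"
DENY_FIRST = ACLS + "http_access deny msn\nhttp_access allow farrukh msn\n"
ALLOW_FIRST = ACLS + "http_access allow farrukh msn\nhttp_access deny msn\n"
EXCEPTION = ACLS + "http_access deny msn !farrukh\n"
URL = "http://messenger.example/gateway/gateway.dll"  # constructed URL

if __name__ == "__main__":
    for label, conf in [("deny first", DENY_FIRST), ("allow first", ALLOW_FIRST),
                        ("deny !manager", EXCEPTION)]:
        print(label, {ip: decide(conf, ip, URL)
                      for ip in ("192.168.0.9", "192.168.0.20")})
```

Each fragment is evaluated on its own here; in a full squid.conf the lines that follow it also take part in the decision.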
x2oxen
Major General
Posts: 1114
Joined: Wed Aug 22, 2007 3:17 pm
Location: Faisalabad
Contact:

Post by x2oxen »

Did you try this rule for blocking

iptables -I INPUT -p tcp -s ! 192.168.your.manager --dport 1863 -j DROP
instead of

iptables -I INPUT -p tcp --dport 1863 -j DROP
Muhammad Usman
+92-321-6640501
Chemonics International
http://usmanpk.com
nomankhn
Colonel
Posts: 714
Joined: Wed Aug 07, 2002 8:00 pm

Post by nomankhn »

lol.

Everybody is unblocking the manager. What about the CEO and other staff? Only the manager is the main person in your company, or your company has just two persons: you and the manager.

Regards,
Noman Liaquat