MSN allow for specific user
-
- Naik
- Posts: 60
- Joined: Wed Oct 05, 2005 12:37 pm
MSN allow for specific user
Hi All!
MSN is block on my network. i want to allow MSN for one user (Manager) only. others could not be use MSN.
Thanks
MSN is block on my network. i want to allow MSN for one user (Manager) only. others could not be use MSN.
Thanks
Re: MSN allow for specific user
1st tell how you are blocking msn ?majidnazeer wrote:Hi All!
MSN is block on my network. i want to allow MSN for one user (Manager) only. others could not be use MSN.
Thanks
-
- Site Admin
- Posts: 5132
- Joined: Fri May 02, 2003 10:24 am
- Location: Karachi
- Contact:
Re:
Dear majidnazeer,
Salam,
If you are blocking MSN by using Squid. Then you should take a look into this.
If you are using iptables then you should RTM
FYI, http://www.netfilter.org
Best Regards.
Salam,
If you are blocking MSN by using Squid. Then you should take a look into this.
Code: Select all
acl msn url_regex -i gateway.dll
acl farrukh src 192.168.0.9
http_access deny msn
http_access allow farrukh msn
FYI, http://www.netfilter.org
Best Regards.
Farrukh Ahmed
-
- Naik
- Posts: 60
- Joined: Wed Oct 05, 2005 12:37 pm
MSN allow for specific user
Dear Farrukh!
I block MSN through iptables. I block MSN port.
iptables -I INPUT -p tcp --dport 1863 -j DROP
Everybody are blocked.
When I use these ACL
iptables -I INPUT -p tcp --dport 1863 -j DROP
then everbody can connect MSN. Anymore Help pls.
Thanks
Majid
I block MSN through iptables. I block MSN port.
iptables -I INPUT -p tcp --dport 1863 -j DROP
Everybody are blocked.
When I use these ACL
everybody could not be access. Because MSN port is blocked. When i remove this ruleacl msn url_regex -i gateway.dll
acl farrukh src 192.168.0.9
http_access deny msn
http_access allow farrukh msn
iptables -I INPUT -p tcp --dport 1863 -j DROP
then everbody can connect MSN. Anymore Help pls.
Thanks
Majid
like he said, read the iptables manual. the answer you seek isplaced before your rule to block all msn traffic, of course.
you won't get very far in life without depending on the wisdom of others, but you definitely won't get anywhere without developing wisdom of your own. read the documentation for the software you use. your job depends on it.
Code: Select all
iptables -A INPUT -p tcp -s 192.168.your.manager --dport 1863 -j ACCEPT
you won't get very far in life without depending on the wisdom of others, but you definitely won't get anywhere without developing wisdom of your own. read the documentation for the software you use. your job depends on it.
-
- Naik
- Posts: 60
- Joined: Wed Oct 05, 2005 12:37 pm
MSN allow for specific user
I already do this.
Thanks
But MSN accessed from this ip.iptables -A INPUT -p tcp -s 192.168.your.manager --dport 1863 -j ACCEPT
Thanks
-
- Site Admin
- Posts: 5132
- Joined: Fri May 02, 2003 10:24 am
- Location: Karachi
- Contact:
Re: MSN allow for specific user
Dear majidnazeer,
Salam,
Try this rule.
# iptables -t nat -A PREROUTING -s 192.168.your.manager -p tcp --dport 1863 -j ACCEPT
Best Regards.
Salam,
Try this rule.
# iptables -t nat -A PREROUTING -s 192.168.your.manager -p tcp --dport 1863 -j ACCEPT
Best Regards.
Farrukh Ahmed
-
- Naik
- Posts: 60
- Joined: Wed Oct 05, 2005 12:37 pm
MSN allow for specific user
I use this rule in my rc.local.
I try to do this too.
I try to check up & down of rules. first i drop then specific ip allow but could not be accessed specific IP. Any more help pls.iptables -A INPUT -p tcp -s 192.168.0.1 --dport 1863 -j ACCEPT
iptables -A FORWARD -p tcp --dport 1863 -j DROP
I try to do this too.
could not be access tilliptables -t nat -A PREROUTING -s 192.168.0.1 -p tcp --dport 1863 -j ACCEPT
Re: MSN allow for specific user
Dear majid
Use FORWARD instead of INPUT
Change
]
iptables -A INPUT -p tcp -s 192.168.0.1 --dport 1863 -j ACCEPT
To
iptables -A FORWARD -p tcp -s 192.168.0.1 --dport 1863 -j ACCEPT
Regards,
Use FORWARD instead of INPUT
Change
]
iptables -A INPUT -p tcp -s 192.168.0.1 --dport 1863 -j ACCEPT
To
iptables -A FORWARD -p tcp -s 192.168.0.1 --dport 1863 -j ACCEPT
Regards,
majidnazeer wrote:I use this rule in my rc.local.I try to check up & down of rules. first i drop then specific ip allow but could not be accessed specific IP. Any more help pls.iptables -A INPUT -p tcp -s 192.168.0.1 --dport 1863 -j ACCEPT
iptables -A FORWARD -p tcp --dport 1863 -j DROP
I try to do this too.could not be access tilliptables -t nat -A PREROUTING -s 192.168.0.1 -p tcp --dport 1863 -j ACCEPT
Sohail Riaz, RHCE
HPC Consultant
Email : sohaileo@gmail.com, riazsx@aramco.com
Web : http://www.sohailriaz.com
HPC Consultant
Email : sohaileo@gmail.com, riazsx@aramco.com
Web : http://www.sohailriaz.com
-
- Naik
- Posts: 60
- Joined: Wed Oct 05, 2005 12:37 pm
MSN allow for specific user
Dear Farrukh, Sohail Riaz & all others!
I try to this too. But that ip could not be accessed.
Thanks to all of u.
I try to this too. But that ip could not be accessed.
I solve that problem through ACL.iptables -A FORWARD -p tcp -s 192.168.0.1 --dport 1863 -j ACCEPT
for above acl i can connect msn from specific ip.acl msn url_regex -i gateway.dll
acl msn1 src 192.168.0.1
http_access allow msn1 msn
Thanks to all of u.
Allow MSN to Specified Users
Dear All
Please follow the following procedure to Exclude some users from MSN Blocking.
Considering 192.168.1.5 is manager's IP.
acl msnAllowed src 192.168.1.5
acl msnDLL url_regex -i gateway.dll
http_access deny msnDLL !msnAllowed
Please write me if you have some issues. it is tested over my network and working very fine.
Please follow the following procedure to Exclude some users from MSN Blocking.
Considering 192.168.1.5 is manager's IP.
acl msnAllowed src 192.168.1.5
acl msnDLL url_regex -i gateway.dll
http_access deny msnDLL !msnAllowed
Please write me if you have some issues. it is tested over my network and working very fine.
Did you tried this rule for blocking
instead of
Code: Select all
iptables -I INPUT -p tcp -s ! 192.168.your.manager --dport 1863 -j DROP
Code: Select all
iptables -I INPUT -p tcp --dport 1863 -j DROP