Mailing Lists: Apple Mailing Lists
Image of Mac OS face in stamp
 
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Blocking MSN Messenger

Please note folks, this is a Macintosh OS X Server users' list, not a router
administration list. Consult your router technical manuals before following contributors'
advice about what to do or not do with your router on this list. Backup your router
firmware kernel before doing anything to it. Each router manufacturer and model has it's
own flavor of command line interface and they do not all work the same way. ....Caveat
Emptor...
--
Cecile G Mac Support Helpdesk
Dayspring Technical Support Services
daystech com

John Buell wrote:

> You need to know a heck of a lot about the router for it to work. First of
> all you need the main access and enable access passwords (kind of like
> user level and root passwords in UNIX). AND you need to know how the
> router connects to the rest of your network.
>
> But lets say you have that, and you know that the router goes outbound on
> serial port 1 (i.e. Ethernet from switch to router is incoming on router
> port ethernet 0, and outbound traffic from the router to the rest of your
> "cloud" or indeed the Internet, is on serial port 1).
>
> Lets say also that you use the internal reserved class A addressing
> (10.x.x.x) for your network - and I forget which port we said MSN connects
> to, so lets just pretend its 6250.
>
> So, telnet to the address of the Cisco router (another bit of info you'll
> need, but if you're on OS X, and type 'traceroute <any address>' at the
> Terminal prompt, the first set of numbers that comes up will be your first
> connected router).
>
> At the Cisco prompt type the access password. You'll get a new prompt.
>
> Type 'enable' and then the 'enable password'.
>
> First check to see if there are any access lists already. I'm going to
> assume that there are none, but it's best to be safe. For filtering to a
> specific port, your access list number needs to be between 101 and 199.
> Most people start at 101, so if you go high, like 160, you should be safe.
> The command for checking existing lists is "show ip access-list" (this
> disregards any netware or appletalk lists you may have, since to block MSN
> Messenger, we'll need IP anyway).
>
> Pretending that there are either no lists already, or none using #160,
> we'll move on:
>
> Type 'config t' (for configure from terminal).
>
> Type 'int s 1' (interface serial 1, part of my earlier assumptions for
> this example).
>
> Type 'access-list 160 deny ip 10.0.0.0 0.255.255.255 6250 any'
> In English: We are denying all IP packets from any host on network
> 10.0.0.0 to ANY destination at port 6250.
>
> Now type 'access-list 160 permit ip any any'
> This explicitly allows all other Ip traffic to flow. Cisco routers have
> this habit of implicity DENYING all other traffic unless you tell it
> otherwise.
>
> Finally type 'access-group 160 out'
>
> Now this traffic will NOT go outbound onto your serial connection.
>
> If you would prefer it not even come IN to the router, you can change it
> to 'int e 0' where I had 'int s 1' and the last command to 'access-group
> 160 in'.
>
> For reference: check any of the CCNA or Cisco Networking Academy 1st or
> 2nd semester materials.
>
> Hope this Helps.
>
> -John
>
> On Sat, 29 Jun 2002, Juan Manuel Palacios wrote:
>
> > On Tuesday, June 25, 2002, at 10:05 AM, Grant Wray wrote:
> >
> > > You can set up an access control list on the cisco router.
> > > Grant/
> > >
> > >
> >
> > Access control list? I have seen this referenced quite a couple of
> > times now, but don't have much of an idea of what it is about. Actually,
> > I do have an idea, it's about blocking or allowing desired connections
> > on a rule basis, much like a firewall. What I don't know is how it is
> > done, what the commands and/or syntax is.
> >
> > Anywhere I could look for info and tutorials on this?
> >
> > Thanks for your time and suggestion. Sincerely,...
> >
> >
> > Juan.
> >
> > > -----Original Message-----
> > > From: Juan Manuel Palacios [mailto:email@hidden]
> > > Sent: 25 June 2002 14:58
> > > To: Mac OS X Server Mailing List
> > > Subject: Blocking MSN Messenger
> > >
> > >
> > > Hello everybody. Does anyone have any idea what ports MSN
> > > Messenger
> > > uses to communicate? My network users keep on using it outside leisure
> > > hours so my employers came to the conclusion that it use needs to be
> > > blocked, at least during work hours.
> > >
> > > So my basic questions here are, apart from what port it uses,
> > > how
> > > to achieve this with Mac OS X Server's built in firewall if the box is
> > > only another host in the network? The network routes through a Cisco
> > > router providing DSL connectivity and my MOSXS box is just a file
> > > server, so I don't know how to make it filter the IP packets if the
> > > other hosts are not routing through it. And also, how can I implement a
> > > rule and take it down at separated time intervals? What I want is for my
> > > network users to be able to chat at lunch time and after the work day is
> > > over, but not during work time. So I need some kind of automatization on
> > > an IP filtering rule that has to come down at a certain hour and then
> > > back up. How could I achieve this?
> > >
> > > Thank you very much. Sincerely,...
> > >
> > >
> > > Juan.
> > > _______________________________________________
> > > macos-x-server mailing list | email@hidden
> > > Help/Unsubscribe/Archives:
> > > http://www.lists.apple.com/mailman/listinfo/macos-x-server
> > > Do not post admin requests to the list. They will be ignored.
> > >
> > >
> > > *************************************************************************
> > > **********
> > > Legally privileged/Confidential Information may be contained in this
> > > message.
> > > If you are not the addressee(s) legally indicated in this
> > > message (or responsible for delivery of the message to such person),
> > > you may not copy or deliver this message to anyone. In such case, you
> > > should destroy this message, and notify us immediately. If you or your
> > > employer does not consent to Internet e-mail messages of this kind,
> > > please advise us immediately. Opinions, conclusions and other
> > > information expressed in this message are not given or endorsed by West
> > > Herts College unless otherwise indicated by an authorised
> > > representative independent of this message. Please note that neither
> > > West Herts College nor I accept any responsibility for viruses and it
> > > is your responsibility to scan attachments (if any).
> > _______________________________________________
> > macos-x-server mailing list | email@hidden
> > Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/macos-x-server
> > Do not post admin requests to the list. They will be ignored.
> _______________________________________________
> macos-x-server mailing list | email@hidden
> Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/macos-x-server
> Do not post admin requests to the list. They will be ignored.
_______________________________________________
macos-x-server mailing list | email@hidden
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/macos-x-server
Do not post admin requests to the list. They will be ignored.
References: 
 >Re: Blocking MSN Messenger (From: John Buell <email@hidden>)



Visit the Apple Store online or at retail locations.
1-800-MY-APPLE

Contact Apple | Terms of Use | Privacy Policy

Copyright © 2007 Apple Inc. All rights reserved.