Mailing Lists: Apple Mailing Lists


Re: Blocking MSN Messenger



You need to know a heck of a lot about the router for it to work. First of
all you need the main access and enable access passwords (kind of like
user level and root passwords in UNIX). AND you need to know how the
router connects to the rest of your network.

But let's say you have that, and you know that the router goes outbound on
serial port 1 (i.e. Ethernet from switch to router is incoming on router
port ethernet 0, and outbound traffic from the router to the rest of your
"cloud" or indeed the Internet, is on serial port 1).

Let's say also that you use the internal reserved class A addressing
(10.x.x.x) for your network - and I forget which port we said MSN connects
to, so let's just pretend it's 6250.

So, telnet to the address of the Cisco router (another bit of info you'll
need, but if you're on OS X, and type 'traceroute <any address>' at the
Terminal prompt, the first set of numbers that comes up will be your first
connected router).

At the Cisco prompt type the access password. You'll get a new prompt.

Type 'enable' and then the 'enable password'.

First check to see if there are any access lists already. I'm going to
assume that there are none, but it's best to be safe. For filtering to a
specific port, your access list number needs to be between 101 and 199.
Most people start at 101, so if you go high, like 160, you should be safe.
The command for checking existing lists is "show ip access-list" (this
disregards any NetWare or AppleTalk lists you may have, since to block MSN
Messenger, we'll need IP anyway).

Pretending that there are either no lists already, or none using #160,
we'll move on:

Type 'config t' (for configure from terminal).

Type 'int s 1' (interface serial 1, part of my earlier assumptions for
this example).

Type 'access-list 160 deny ip 10.0.0.0 0.255.255.255 6250 any'
In English: We are denying all IP packets from any host on network
10.0.0.0 to ANY destination at port 6250.

Now type 'access-list 160 permit ip any any'
This explicitly allows all other IP traffic to flow. Cisco routers have
this habit of implicitly DENYING all other traffic unless you tell it
otherwise.

Finally type 'access-group 160 out'

Now this traffic will NOT go outbound onto your serial connection.

If you would prefer it not even come IN to the router, you can change it
to 'int e 0' where I had 'int s 1' and the last command to 'access-group
160 in'.

For reference: check any of the CCNA or Cisco Networking Academy 1st or
2nd semester materials.

Hope this Helps.

-John
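
Added example (not part of the original post): the procedure above written out as one Cisco IOS session. IOS extended ACLs match ports only under tcp or udp, and the access-list lines are entered in global configuration while "ip access-group" is the interface command. TCP, port 6250 (the post's placeholder), the WORKHOURS name and its hours are assumptions, and the time-range part applies only to IOS releases that support it.

```cisco
! Added example, not from the original post. Port 6250 is the post's
! placeholder; TCP, the WORKHOURS name and the hours are assumptions.
enable
configure terminal
!
! Optional: make the deny entry active only during work hours, leaving
! lunch and evenings open. The router clock must be set correctly.
time-range WORKHOURS
 periodic weekdays 8:00 to 12:00
 periodic weekdays 13:00 to 17:00
!
! ACL entries are global-configuration commands. Port matching needs
! tcp or udp, with the port operator placed after the address it
! applies to (here the destination, "any").
access-list 160 deny tcp 10.0.0.0 0.255.255.255 any eq 6250 time-range WORKHOURS
! Everything else must be permitted explicitly, because the list ends
! with an implicit deny.
access-list 160 permit ip any any
!
! Bind the list to the outbound interface from the post's example.
interface Serial1
 ip access-group 160 out
end
!
! Verify: entries with per-entry match counters, then the binding.
show ip access-lists 160
show ip interface Serial1
```

A rising match counter on the deny entry in the first show command confirms that the rule is seeing traffic, and the second should report 160 as the outgoing access list.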

On Sat, 29 Jun 2002, Juan Manuel Palacios wrote:

> On Tuesday, June 25, 2002, at 10:05 AM, Grant Wray wrote:
>
> > You can set up an access control list on the cisco router.
> > Grant/
> >
> >
>
> Access control list? I have seen this referenced quite a couple of
> times now, but don't have much of an idea of what it is about. Actually,
> I do have an idea, it's about blocking or allowing desired connections
> on a rule basis, much like a firewall. What I don't know is how it is
> done, what the commands and/or syntax is.
>
> Anywhere I could look for info and tutorials on this?
>
> Thanks for your time and suggestion. Sincerely,...
>
>
> Juan.
>
> > -----Original Message-----
> > From: Juan Manuel Palacios [mailto:email@hidden]
> > Sent: 25 June 2002 14:58
> > To: Mac OS X Server Mailing List
> > Subject: Blocking MSN Messenger
> >
> >
> > Hello everybody. Does anyone have any idea what ports MSN Messenger
> > uses to communicate? My network users keep on using it outside leisure
> > hours so my employers came to the conclusion that its use needs to be
> > blocked, at least during work hours.
> >
> > So my basic questions here are, apart from what port it uses, how
> > to achieve this with Mac OS X Server's built in firewall if the box is
> > only another host in the network? The network routes through a Cisco
> > router providing DSL connectivity and my MOSXS box is just a file
> > server, so I don't know how to make it filter the IP packets if the
> > other hosts are not routing through it. And also, how can I implement a
> > rule and take it down at separated time intervals? What I want is for my
> > network users to be able to chat at lunch time and after the work day is
> > over, but not during work time. So I need some kind of automatization on
> > an IP filtering rule that has to come down at a certain hour and then
> > back up. How could I achieve this?
> >
> > Thank you very much. Sincerely,...
> >
> >
> > Juan.
> > _______________________________________________
> > macos-x-server mailing list | email@hidden
> > Help/Unsubscribe/Archives:
> > http://www.lists.apple.com/mailman/listinfo/macos-x-server
> > Do not post admin requests to the list. They will be ignored.
> >
> >
