Hi there, After a long time here. I am havin a prob in my office. It has become a culture to chat using yahoo messenger and msn messenger all the time instead of working. Now i need to stop both of these. Can i use a firewall to block ports?

Also give me a solution if i want to use proxy (transparent)... And is there any squid for win2k?? because then i'll need to deploy that too... please help me...

Many IM clients a designed to use a list of secondary ports if the primary ones are blocked. In fact most will use port 80, which makes it difficult to distinguish from standard web traffic. Easiest way to do this is to run squid on the gateway and use iptables to redirect traffic locally to the squid port (aka transparent proxying). That way to the setup will be transparent to the internal users and it saves you from having to manually reconfigure the tcp/ip settings on all of the client machines.

http://www.faqs.org/docs/Linux-mini/...rentProxy.html

I've heard good things about using Dansguardian as well.

Thanx for the info. I also found this is the best way... But now i have to use a linux-box instead of my currently available router.

I know it's a pain to make that transition, but once you do you'll find it to be much more powerful and flexible solution. Things like detailed logging and traffic shaping are reasonably easy to do with a linux box and are virtually absent from all but higher-end routers. Unless you have significant traffic load that requires dedicated hardware, then I'd seriously consider it.

hmmm... but i need one very important solution. It is not currently available... but have plan for this. If it can support, then i'll just go for it. That is my office is now using a so called broadband. But it is the worst thing they are using. I found a dial-up with a noisy connection is better than this one. Thus i have started to think about using EDGE using a EDGE modem. There i got more than 120kb at any time which is sufficient in my office for sharing with 4-5 PCs. But i have to dial-up and actually i then need demand dial using the EDGE modem as a normal modem used by COM ports. Is it possible in linux?? By the way, the EDGE modem will be connected to the box using a USB. I know it can be done in windows, but i need linux for my case...

I've never used it, but it looks like a number of usb EDGE modems appear to be supported under linux. You may want to start a new thread in the Linux - Networking or Linux - Hardware (do not post in both) specifically regarding getting your usb EDGE modem to work. Make sure to include specifics on the make and model number as well as the distro and version of linux you are planning to use. Probably a good idea to get it working stably on a test network first before rolling it out.

Might find this a useful discussion.

and there are also tools that can tunnel through this proxy setup and act as a local socks proxy server on the client machine. (like socks2http).
preventing messenger access can't be done alone at the server level. you also need to do some "policing" at the users' side. unless, of course, if you run your firewall/proxy server in paranoid mode.

there are a lot of ways for a very persistent user who can't live without messenger clients around.

I'd advise not only blocking the ports but also stipulating in your company IT policy that IM services are prohibited, and will lead to disciplinary action.

Moved: This thread is more suitable in the Linux Networking forum (taxonomy: +network +"block access") and has been moved accordingly to help your thread/question get the exposure it deserves.