Hi, I have a Linux server (CentOS) that runs a firewall and squid (which is behind the firewall). Below is my iptables file:

    # Generated by iptables-save v1.3.5 on Thu Feb 7 02:43:43 2008
    *nat
    :PREROUTING ACCEPT [5233:333834]
    :POSTROUTING ACCEPT [5:1836]
    :OUTPUT ACCEPT [1150:71993]
    -A PREROUTING -i eth0 -p tcp -m tcp --dport 22 -j REDIRECT --to-ports 3128
    -A PREROUTING -i eth0 -p udp -m udp --dport 22 -j REDIRECT --to-ports 3128
    -A PREROUTING -i eth2 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
    -A POSTROUTING -o eth0 -j MASQUERADE
    COMMIT
    # Completed on Thu Feb 7 02:43:43 2008
    # Generated by iptables-save v1.3.5 on Thu Feb 7 02:43:43 2008
    *filter
    :INPUT ACCEPT [68521:21158845]
    :FORWARD ACCEPT [36355:23402728]
    :OUTPUT ACCEPT [93843:100437897]
    -A INPUT -i lo -j ACCEPT
    -A FORWARD -i eth2 -j ACCEPT
    -A OUTPUT -o lo -j ACCEPT
    COMMIT
    # Completed on Thu Feb 7 02:43:43 2008

I redirect all requests that come for port 80 to 3128 (squid machine), and there with squid I have blocked a few sites.
But I want to block gmail (but I am not allowed to block port 443, which gmail works on), so my question here is: how do I block gmail without blocking port 443?
(Sorry for bringing this issue up again, but I have not really found a permanent solution.)
Thanks for all the help!
Agnello George wrote:
Hi, I have a Linux server (CentOS) that runs a firewall and squid (which is behind the firewall). Below is my iptables file
*snip*
But I want to block gmail (but I am not allowed to block port 443, which gmail works on), so my question here is: how do I block gmail without blocking port 443? (Sorry for bringing this issue up again, but I have not really found a permanent solution.)
Use squid ACLs to do the blocking job.
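
A minimal squid.conf fragment for the ACL approach suggested above, added here as an example and not taken from any message in this thread. The ACL names and the LAN address range are assumptions; the host names are the ones mentioned in the thread.

```conf
# Added example for squid.conf; ACL names and the LAN range are assumptions.
acl lan src 192.168.1.0/24                      # constructed client range
acl blocked_webmail dstdomain .gmail.com mail.google.com

# http_access rules are evaluated top to bottom and the first match wins,
# so the deny must come before the rule that allows the LAN.
# A CONNECT request carries the target host name, so dstdomain matches
# HTTPS tunnels as well as plain HTTP requests.
http_access deny blocked_webmail
http_access allow lan
http_access deny all
```

Squid can apply this to HTTPS only when browsers are explicitly configured to use the proxy on port 3128, because only then does it receive the CONNECT request. With the nat rules posted above, only port 80 from eth2 is redirected to squid, and port 443 traffic is passed by the FORWARD rule without reaching it.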
On Wednesday 06 Feb 2008 21:29:07 Agnello George wrote:
But I want to block gmail (but I am not allowed to block port 443, which gmail works on)
Damn. I'll never work in a company that does all this ;)
On 2/6/08, Mrugesh Karnik mrugeshkarnik@gmail.com wrote:
On Wednesday 06 Feb 2008 21:29:07 Agnello George wrote:
But I want to block gmail (but I am not allowed to block port 443, which gmail works on)
Damn. I'll never work in a company that does all this ;)
Ya!! I know what you mean... but it's interesting to know how to block gmail without blocking port 443. Companies like Wipro (BPO), where I previously worked, couldn't even block that...
On Feb 7, 2008 12:56 PM, Agnello George agnello.dsouza@gmail.com wrote:
On 2/6/08, Mrugesh Karnik mrugeshkarnik@gmail.com wrote:
On Wednesday 06 Feb 2008 21:29:07 Agnello George wrote:
But I want to block gmail (but I am not allowed to block port 443, which gmail works on)
Damn. I'll never work in a company that does all this ;)
Ya!! I know what you mean... but it's interesting to know how to block gmail without blocking port 443. Companies like Wipro (BPO), where I previously worked, couldn't even block that...
I don't know how they can't block it. Most of the offices of my employer have been blocking gmail (both www.gmail.com and mail.google.com/mail) very successfully. However, I am not the one to go and ask the sysadmin how, with whom I have a personal biff.
Strange how sysadmins dislike laypeople with geek qualities. They will however let the software professionals amongst them have an almost unfettered access to anything. Is it a class thing, or are software professionals better at self-control?
Nishit Dave wrote:
Strange how sysadmins dislike laypeople with geek qualities. They will however let the software professionals amongst them have an almost unfettered access to anything. Is it a class thing, or are software professionals better at self-control?
I don't think so. IMHO, the problem sysadmins working in a software development environment have is with insufferable know-it-all developers (a small percentage) who think the SA Team are SOBs who have nothing better to do than block webmail & IM and scour the logs for pr0n surfers.
On 07-Feb-08, at 7:44 PM, Nishit Dave wrote:
Strange how sysadmins dislike laypeople with geek qualities.
Not at all strange - generally software professionals (people 'trained' in CS or IT) are terrified of laymen with geek qualities. I mean, if any 'idiot' can do sysadmin then their jobs are on the line. Which is why software professionals are the biggest obstacle to the FOSS movement - again, they are terrified that their jobs are on the line. This is nothing new - in all domains, people with domain knowledge try to keep that knowledge to themselves and are hostile to any laymen encroaching on their domains. Think Ekalavya.