On Mon, Nov 01, 2004 at 06:21:01AM -0800, Nilesh wrote: > Hello All, > > I am not able to block MSN Messenger when I put this > rule in rc.firewall script > This rule is required for to connect VPN sever at > client side. > $IPTABLES -t nat -A POSTROUTING -o $EXTIF -j SNAT --to > $EXTIP that rule translates the source address of all packets routed out $EXTIF to $EXTIP. it is not a filter rule, so there's no reason to think it would have anything to do with blocking MSN messenger. > Could any one tell me what needs to be change in > Squid.conf for blocking MSN messenger or tell me the this is not a squid list, nor does cross-posting to the squid list make this a squid list. > way to block it. without your current ruleset, no. i can give you the necessary information you need to incorporate the proper rule into your specific configuration. MSN Messenger client connects to the server on TCP Port 1863. block access to this port, and the client will not be able to connect over its native transport. in the event that TCP port 1863 is filtered, MSN Messenger client will attempt to connect over TCP Port 80 with an HTTP CONNECT request that looks something like: http://gateway.messenger.hotmail.com/gateway/gateway.dll?Action=open&Server=NS&IP=messenger.hotmail.com in the future, things you could do before cross-posting: go to http://google.com and type 'iptables block msn messenger' or 'squid block msn messenger' as this question is asked approximately every 43 seconds, and many people have taken the time to answer it many times before. go to http://marc.theaimsgroup.com/ and search the 'netfilter' or 'squid-users' lists for 'msn messenger' -j -- "Oh, so they have internet on computers now!" --The Simpsons
