Re: block internal to access external proxy server

On Wednesday 2005-September-07 02:43, Soo Chun Keat wrote:
> I just implemented a central firewall (iptables) with a transparent
> proxy (squid) in my company. I block the msn and yahoo chatting
> programs in my iptables rules. However, the users can still use an
> external free proxy to use msn and yahoo messenger. May I know if
> there is any way for me to block the users from doing this and force
> all the traffic to go through my proxy?

The bottom line is that you must know more than your users. Don't 
provide outbound routing (and NAT if applicable) on protocols deemed 
unwanted. Don't let them out at all, if you can.

But what is this external proxy? How can you block it?

It does appear that you're using technology to try to solve a human 
problem. If they're motivated to continue doing this, you will find it 
very difficult to stay ahead of them. The providers, particularly MSN, 
are constantly changing their protocols to be harder to block.
-- 
    mail to this address is discarded unless "/dev/rob0"
    or "not-spam" is in Subject: header
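
The reply's advice to withhold outbound routing and NAT, written out as a default-deny FORWARD policy; this is an added example, not part of the original message. The interface names, Squid listening on port 3128 on the firewall itself, and the allow-list of ports are assumptions, as is a DNS resolver that clients reach without forwarding.

```shell
#!/bin/sh
# Added example: prints a default-deny egress policy as iptables commands
# so it can be reviewed before being applied as root.
# All names and ports below are assumptions, not values from the thread.

LAN_IF="${LAN_IF:-eth1}"          # assumed internal interface
WAN_IF="${WAN_IF:-eth0}"          # assumed external interface
SQUID_PORT="${SQUID_PORT:-3128}"  # assumed Squid port on the firewall

# egress_rules "<tcp ports>"
# The listed ports are the only TCP services LAN hosts may reach directly
# (routed and NATed). An empty list means nothing is routed at all.
egress_rules() {
    allowed_tcp="$1"
    # Nothing is routed unless a later rule says so; old rules are cleared
    # so that a leftover ACCEPT cannot override the policy.
    echo "iptables -P FORWARD DROP"
    echo "iptables -F FORWARD"
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Web traffic never leaves directly: it is handed to the local Squid.
    echo "iptables -t nat -A PREROUTING -i $LAN_IF -p tcp --dport 80 -j REDIRECT --to-ports $SQUID_PORT"
    for port in $allowed_tcp; do
        case "$port" in
            ''|*[!0-9]*) echo "skipping invalid port: $port" >&2; continue ;;
        esac
        # Routing and NAT are granted per permitted protocol only.
        echo "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -p tcp --dport $port -j ACCEPT"
        echo "iptables -t nat -A POSTROUTING -o $WAN_IF -p tcp --dport $port -j MASQUERADE"
    done
    # Everything else from the LAN is logged, then dropped by the policy,
    # which shows which hosts keep trying to get out.
    echo "iptables -A FORWARD -i $LAN_IF -j LOG --log-prefix 'egress-denied: '"
}

# Print the rules for review, e.g.: sh egress.sh 25 110
# (25 and 110 are a constructed allow-list: SMTP and POP3)
egress_rules "$*"
```

Every port added to the allow-list is routed unfiltered, so the list should stay as short as the business need allows.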