On Tuesday 11 October 2005 01:18 pm, Steven Vishoot wrote:
> Thank you for correcting me. I knew I was kind of in the neighborhood and knew it was not that simple, since a lot of IM programs use different ports. So it might be a good idea to know what IM program they are using, would you think?
My $.02:
#1. Set up a powerful iptables configuration tool like shorewall (my preferred choice) or fwbuilder and use it to limit all *outbound* traffic to a few ports (80, 443).
#2. Let them go about their business.
#3. Go through the syslog messages (/var/log/messages). You will see all the ports they were trying to IM and fileshare out on, and that were blocked.
#4. Think about what you want to allow. If you *only* want to allow web browsing, set up squid, and drop everything outbound that isn't destined for port 3128 on your squid server.
#5. Squid will generate logs of what websites were visited. Check the logs occasionally.
Email me/the list if you need help setting up shorewall/squid. You may want to put the restricted PC in a modified DMZ - shorewall has a special configuration to do exactly what you are asking.
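As an added example (not part of the reply above, and not shorewall's own output), here is what steps #1, #3 and #4 look like in raw iptables on the gateway, together with the syslog review from step #3 run over a few constructed LOG lines. Assumptions: the restricted PC (RESTRICTED_PC) sits behind its own gateway interface so everything it sends crosses the FORWARD chain, the upstream interface is WAN_IF, and squid listens on SQUID_HOST:3128 on a host behind another gateway interface. The rules are printed rather than executed so the script runs without root; pipe the output through sh as root to apply them.

```shell
#!/bin/sh
# Added example, not from the original mailing-list post. Assumed values:
RESTRICTED_PC="${RESTRICTED_PC:-192.168.1.50}"   # the PC being restricted
WAN_IF="${WAN_IF:-eth0}"                         # gateway's upstream interface
SQUID_HOST="${SQUID_HOST:-192.168.2.10}"         # squid server, port 3128

# Print the FORWARD-chain rules for one of two modes:
#   direct : tcp/80 and tcp/443 (plus DNS) straight out, everything else dropped
#   squid  : only tcp/3128 to the squid box, everything else dropped
# Dropped packets are logged with a fixed prefix so they are easy to grep
# in /var/log/messages; the limit keeps a chatty client from filling the disk.
print_forward_rules() {
    mode="${1:-direct}"
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    case "$mode" in
        direct)
            echo "iptables -A FORWARD -s $RESTRICTED_PC -o $WAN_IF -p udp --dport 53 -j ACCEPT"
            echo "iptables -A FORWARD -s $RESTRICTED_PC -o $WAN_IF -p tcp -m multiport --dports 80,443 -j ACCEPT"
            ;;
        squid)
            echo "iptables -A FORWARD -s $RESTRICTED_PC -d $SQUID_HOST -p tcp --dport 3128 -j ACCEPT"
            ;;
        *)
            echo "unknown mode: $mode" >&2
            return 1
            ;;
    esac
    echo "iptables -A FORWARD -s $RESTRICTED_PC -m limit --limit 10/min -j LOG --log-prefix 'OUTBOUND-DROP: '"
}

# Step #3: summarise what was blocked. Reads syslog lines on stdin, keeps
# only the lines our LOG rule produced, and prints "count PROTO DPT",
# most frequent destination port first.
summarize_blocked() {
    grep 'OUTBOUND-DROP:' | awk '
        {
            proto = ""; dpt = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^PROTO=/) proto = substr($i, 7)
                if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
            }
            if (proto != "" && dpt != "") count[proto " " dpt]++
        }
        END { for (k in count) print count[k], k }' | sort -rn -k1,1
}

# Constructed sample of /var/log/messages (not real traffic): three attempts
# on tcp/5190, two on tcp/1863, one on tcp/6881, plus an unrelated cron line.
SAMPLE_LOG='Oct 11 13:20:01 gw kernel: OUTBOUND-DROP: IN=eth1 OUT=eth0 SRC=192.168.1.50 DST=203.0.113.5 LEN=60 PROTO=TCP SPT=33001 DPT=5190 SYN
Oct 11 13:20:03 gw kernel: OUTBOUND-DROP: IN=eth1 OUT=eth0 SRC=192.168.1.50 DST=203.0.113.5 LEN=60 PROTO=TCP SPT=33002 DPT=5190 SYN
Oct 11 13:20:09 gw kernel: OUTBOUND-DROP: IN=eth1 OUT=eth0 SRC=192.168.1.50 DST=203.0.113.5 LEN=60 PROTO=TCP SPT=33003 DPT=5190 SYN
Oct 11 13:21:00 gw kernel: OUTBOUND-DROP: IN=eth1 OUT=eth0 SRC=192.168.1.50 DST=198.51.100.9 LEN=60 PROTO=TCP SPT=33004 DPT=1863 SYN
Oct 11 13:21:02 gw kernel: OUTBOUND-DROP: IN=eth1 OUT=eth0 SRC=192.168.1.50 DST=198.51.100.9 LEN=60 PROTO=TCP SPT=33005 DPT=1863 SYN
Oct 11 13:25:00 gw CRON[1234]: (root) CMD (run-parts /etc/cron.hourly)
Oct 11 13:30:00 gw kernel: OUTBOUND-DROP: IN=eth1 OUT=eth0 SRC=192.168.1.50 DST=203.0.113.77 LEN=60 PROTO=TCP SPT=33006 DPT=6881 SYN'

# Run stand-alone: show the "direct" rule set, then the blocked-port summary.
print_forward_rules direct
printf '%s\n' "$SAMPLE_LOG" | summarize_blocked
```

On a live gateway the summary would be run as `summarize_blocked < /var/log/messages`; the ports that show up (5190, 1863, 6881 in the constructed sample) are the IM and file-sharing ports the reply says you will find, and that list is what you decide to allow or keep dropping in step #4.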