Coloque ai as regras de iptables utilizada para resolver parcialmente esse problema.
Att, 2009/5/15 Armando Barsotini Neto <[email protected]> > > > Pronto... > > Não queria, mas utilizei o IPTABLES... > problema provisoriamente "RESOLVIDO"... > > Agradeço a atenção e ajuda de todos... > > Att, > > Armando! > > 2009/5/15 Armando Barsotini Neto <[email protected]> > >> Complementando... a GATEWAY.DLL está bloqueada >> 1242428228.429 0 192.168.0.100 TCP_DENIED/407 1981 POST >> http://gateway.messenger.hotmail.com/gateway/gateway.dll? - NONE/- >> text/html >> 1242428228.432 1 192.168.0.100 TCP_DENIED/403 1616 POST >> http://gateway.messenger.hotmail.com/gateway/gateway.dll? teste NONE/- >> text/html >> >> E mesmo assim o FDP conecta..... >> >> Att, >> >> Armando! >> >> >> 2009/5/15 Armando Barsotini Neto <[email protected]> >> >>> Olá... >>> Definitivamente, depois de muitos testes... descobri o seguinte... >>> >>> Posso bloquear tudo: >>> >>> sqmserver.dll >>> gateway.dll >>> ADSAdClient31.dll >>> rad.msn.com >>> contacts.msn.com >>> gateway.messenger.hotmail.com >>> messenger.hotmail.com >>> config.messenger.msn.com >>> t.msn.com >>> local-bay.contacts.msn.com:443 >>> local-bay.contacts.msn.com >>> msnportal.112.2o7.net >>> mymsn.hotmail.msn.com >>> msgr.dlservice.microsoft.com >>> storage.msn.com >>> edge.messenger.live.com >>> www.sqm.microsoft.com >>> wlsetup-cvr.exe >>> >>> Os logs do SQUID retornam: >>> >>> 1242425890.830 1942 192.168.0.100 TCP_MISS/200 22233 CONNECT >>> login.live.com:443 teste DIRECT/65.54.186.79 - ( *** ) >>> 1242425891.315 0 192.168.0.100 TCP_DENIED/407 1879 GET >>> http://c.msn.com/c.gif? - NONE/- text/html >>> 1242425891.924 606 192.168.0.100 TCP_MISS/200 559 GET >>> http://c.msn.com/c.gif? teste DIRECT/65.55.149.121 image/gif >>> 1242425892.152 0 192.168.0.100 TCP_DENIED/403 1562 CONNECT >>> local-bay.contacts.msn.com:443 teste NONE/- text/html >>> 1242425892.469 148 192.168.0.100 TCP_DENIED/403 1576 GET >>> http://rad.msn.com/ADSAdClient31.dll? teste NONE/- text/html >>> 1242425901.776 0 192.168.0.100 TCP_DENIED/403 1576 GET >>> http://rad.msn.com/ADSAdClient31.dll? teste NONE/- text/html >>> 1242425922.469 0 192.168.0.100 TCP_DENIED/403 1576 GET >>> http://rad.msn.com/ADSAdClient31.dll? teste NONE/- text/html >>> >>> >>> O que realmente bloqueia a entrada no MSN é >>> >>> login.live.com:443 >>> >>> >>> Porém, bloqueando esse termo, o HOTMAIL (quando vou fazer o login) dá o >>> seguinte erro: >>> >>> 1242426288.279 0 192.168.0.100 TCP_DENIED/403 1538 CONNECT >>> login.live.com:443 teste NONE/- text/html >>> >>> >>> Tanto o HOTMAIL quanto o MSN utilizam: login.live.com:443 >>> >>> Quanto ao bloqueio do MSN eu consegui fazer e está funcionado >>> perfeitamente... porém o HOTMAIL também para.... >>> >>> E agora ? >>> >>> Como bloquear o MSN sem bloquear o HOTMAIL ?????????????? >>> >>> Qualquer ajuda é muito bem vinda !!! >>> >>> Att, >>> >>> Armando! >>> >>> >>> >>> >>> >>> >>> 2009/5/15 Armando Barsotini Neto <[email protected]> >>> >>>> Legal.. agradeço a ajuda... >>>> Vou testar e posto os resultados... >>>> >>>> Se alguém tiver mais alguma dica e puder ajudar eu agradeço !!! >>>> >>>> Att, >>>> >>>> Armando! >>>> >>>> 2009/5/15 Nilson Chagas <[email protected]> >>>> >>>>> >>>>> >>>>> É que só li, quando vc disse que queria bloquear, e eu utilizo o >>>>> msn-proxy. >>>>> >>>>> Então os caras estavam navegando na boa. Ai tive que impedir a >>>>> navegação pela porta 80, para forçar o msn navegar pela 1863 (não lembro >>>>> se >>>>> é este numero). >>>>> >>>>> O meu caso foi um pouco diferente, pq eu tinha que liberar no squid e >>>>> deixar o msn-proxy controlar o msn. >>>>> >>>>> Talves a regra que fiz para liberar funcione para vc bloquear, segue: >>>>> >>>>> acl LIBERA_MSN url_regex -i "/etc/squid/sites/msn.txt" # Libera >>>>> MSN >>>>> http_access allow LIBERA_MSN >>>>> >>>>> cat msn.txt: >>>>> login.live.com >>>>> config.messenger.msn.com >>>>> c.msn.com >>>>> by2.omega.contacts.msn.com:443 >>>>> >>>>> >>>>> Para mim funcionou liberar, talves funcione para vc bloquear. >>>>> >>>>> >>>>> >>>>> -- >>>>> []s >>>>> Nilson Chagas - Ubuntu User 25794 >>>>> --- >>>>> Visite: >>>>> http://www.amados.com.br/podcast -> Peça gratuitamente um curso >>>>> Bíblico >>>>> http://tempodesalvacao.blogspot.com/ >>>>> http://bbnradio.org/ -> Ouça a rádio e faça gratuitamente um Curso >>>>> Biblico >>>>> >>>>> >>>>> >>>>> 2009/5/15 Armando Barsotini Neto <[email protected]> >>>>> >>>>>> >>>>>> >>>>>> Boa Tarde! >>>>>> >>>>>> Mas porque eu deveria mexer no IPTABLES, se os usuários utilizam o MSN >>>>>> normalmente ? >>>>>> As portas do MSN estão liberadas no >>>>>> >>>>>> O que eu preciso, é bloquear a utilização no SQUID !!! >>>>>> >>>>>> Não entendi ? >>>>>> >>>>>> Att, >>>>>> >>>>>> Armando >>>>>> >>>>>> 2009/5/15 Nilson Chagas <[email protected]> >>>>>> >>>>>>> >>>>>>> >>>>>>> Estou pegando o bonde andando. >>>>>>> >>>>>>> mas eu tive que criar a seguinte regra no iptables >>>>>>> >>>>>>> iptables -t nat -A PREROUTING -p tcp --dport 80 -m string --string >>>>>>> 'x-msn-messenger' --algo bm -j DROP >>>>>>> >>>>>>> Não sei se é o seu caso. >>>>>>> >>>>>>> 2009/5/15 Armando Barsotini Neto <[email protected]> >>>>>>> >>>>>>> >>>>>>>> >>>>>>>> Olá.. >>>>>>>> >>>>>>>> Pessoal testei as regras abaixo para tentar o bloqueio: >>>>>>>> >>>>>>>> acl msn_usuarios proxy_auth "/opt/squid/msn_usuarios.txt" >>>>>>>> (Arquivo contendo usuário bloqueados) >>>>>>>> acl msnmessenger url_regex -i gateway.dll >>>>>>>> acl MSN req_mime_type -i ^application/x-msn-messenger$ >>>>>>>> >>>>>>>> ## msn-proxy >>>>>>>> #http_access deny msn_usuarios MSN >>>>>>>> #http_access deny msn_usuarios msnmessenger >>>>>>>> >>>>>>>> >>>>>>>> MAS NÃO FUNCIONA...... MESMO QUE O USUÁRIO ESTEJA NO ARQUIVO >>>>>>>> "MSN_USUARIOS.TXT" ELE LOGA NO MSN.... >>>>>>>> >>>>>>>> Essa regra está acima de todas.... Nega primeiro !!! >>>>>>>> >>>>>>>> Fiz da forma inversa (Libera e depois bloqueia) pois 80% da rede >>>>>>>> pode utilizar o MSN... portanto quero bloquear somente aqueles >>>>>>>> usuários que >>>>>>>> não podem acessar.... >>>>>>>> >>>>>>>> Socorro !!! >>>>>>>> >>>>>>>> Armando! >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> 2009/5/14 Armando Barsotini Neto <[email protected]> >>>>>>>> >>>>>>>>> Boa Noite! >>>>>>>>> Agradeço a ajuda e atenção de todos... >>>>>>>>> >>>>>>>>> Estarei testando e posto os resultados logo mais... >>>>>>>>> >>>>>>>>> Att, >>>>>>>>> >>>>>>>>> Armando! >>>>>>>>> >>>>>>>>> 2009/5/14 Paulo Daniel Dorensbach <[email protected]> >>>>>>>>> >>>>>>>>> >>>>>>>>>> >>>>>>>>>> Armando, eu consegui bloquear com as seguintes palavras. >>>>>>>>>> Talvez nem precise tudo, ms eu fui vendo os logs do squid e >>>>>>>>>> pegando as >>>>>>>>>> palavras que passavam quando acessava o msn, até que não consegui >>>>>>>>>> mais >>>>>>>>>> entrar. >>>>>>>>>> >>>>>>>>>> c.msn.com >>>>>>>>>> config.messenger.msn.com >>>>>>>>>> rad.msn.com >>>>>>>>>> t.msn.com >>>>>>>>>> local-bay.contacts.msn.com >>>>>>>>>> local-bay.contacts.msn.com:443 >>>>>>>>>> msnportal.112.2o7.net >>>>>>>>>> mymsn.hotmail.msn.com >>>>>>>>>> ADSAdClient31.dll >>>>>>>>>> gateway.dll >>>>>>>>>> msgr.dlservice.microsoft.com >>>>>>>>>> gateway.messenger.hotmail.com >>>>>>>>>> storage.msn.com >>>>>>>>>> messenger.hotmail.com >>>>>>>>>> edge.messenger.live.com >>>>>>>>>> www.sqm.microsoft.com >>>>>>>>>> wlsetup-cvr.exe >>>>>>>>>> >>>>>>>>>> Armando Barsotini Neto escreveu: >>>>>>>>>> >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> > Olá.. >>>>>>>>>> > >>>>>>>>>> > Galera, estou com um problema... preciso bloquear o >>>>>>>>>> MSN(MESSENGER) >>>>>>>>>> > sem bloquear o HOTMAIL... (essa regra deve ser por usuário do >>>>>>>>>> squid) >>>>>>>>>> > >>>>>>>>>> > Eu cheguei a conseguir BLOQUEAR o MSN, porém, ele bloqueia junto >>>>>>>>>> o >>>>>>>>>> > site do HOTMAIL.... >>>>>>>>>> > >>>>>>>>>> > Não posso bloquear por IP de usuário (utilizando IPTABLES), pois >>>>>>>>>> meu >>>>>>>>>> > DHCP muda os endereços de tempo em tempo.... Necessito bloquear >>>>>>>>>> o >>>>>>>>>> > MSN por USUÁRIO através do SQUID sem bloquear o HOTMAIL.... >>>>>>>>>> > >>>>>>>>>> > Qualquer ajuda é bem vinda! >>>>>>>>>> > >>>>>>>>>> > Att, >>>>>>>>>> > >>>>>>>>>> > Armando! >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> >>>>>>>>>> -- >>>>>>>>>> +--------------------------------------------------+ >>>>>>>>>> Paulo Daniel Dorensbach >>>>>>>>>> Técnico em Redes de Computadores >>>>>>>>>> Técnico Florestal >>>>>>>>>> Usuario GNU/Linux #363631 - http://counter.li.org/ >>>>>>>>>> >>>>>>>>>> "We don't need no education" >>>>>>>>>> http://geocities.yahoo.com.br/dorensbach >>>>>>>>>> www.velocidadejusta.com.br/rfc.htm >>>>>>>>>> >>>>>>>>>> By Mozilla Thunderbird >>>>>>>>>> www.mozilla.org.br >>>>>>>>>> +--------------------------------------------------+ >>>>>>>>>> >>>>>>>>>> __________________________________________________ >>>>>>>>>> Faça ligações para outros computadores com o novo Yahoo! Messenger >>>>>>>>>> >>>>>>>>>> http://br.beta.messenger.yahoo.com/ >>>>>>>>>> >>>>>>>>>> >>>>>>>>> >>>>>>>> >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> []s >>>>>>> Nilson Chagas - Ubuntu User 25794 >>>>>>> --- >>>>>>> Visite: >>>>>>> http://www.amados.com.br/podcast -> Peça gratuitamente um curso >>>>>>> Bíblico >>>>>>> http://tempodesalvacao.blogspot.com/ >>>>>>> http://bbnradio.org/ -> Ouça a rádio e faça gratuitamente um Curso >>>>>>> Biblico >>>>>>> >>>>>>> >>>>>>> >>>>>> >>>>> >>>>> >>>> >>> >> > > -- Desde já agradeço, +++ Flávio de Oliveira Barros Manaus - Amazonas - Brasil Copiar é bom! Seja Legal Use Software Livre
