Date: Tue, 27 Feb 2001 17:50:41 -0500 From: Bob Johnson <bob@eng.ufl.edu> To: jkonecn@green-mfg.com Cc: questions@freebsd.org Subject: Re: block realaudio Message-ID: <3A9C2F41.1BCA96CB@eng.ufl.edu>
next in thread | raw e-mail | index | archive | help
> > Date: Tue, 27 Feb 2001 13:29:18 -0500 > From: Joe Konecny <jkonecn@green-mfg.com> > Subject: Re: block realaudio > > I don't see either of these listed. Real Audio is configured > to "auto-configure". I suppose that means it will find a port > to use automatically? If so that presents a problem. > Yes, Real Audio tries very hard to get around firewalls. I think that outgoing requests are directed to port 80 on the server and look like normal web page requests, and that as a last resort it tries sending the data back to you as an HTTP response, again so it looks like a web page. If that is true, you will have a hard time blocking it without blocking web servers in general. Even if that is not entirely accurate, it tries a lot of different things so you will probably need to set up your firewall to block everything by default, and then allow only specific services into your network. That's really the only effective way to run a firewall, anyway. Many, many examples of scripts that would be a good starting point have been posted to these lists and published elsewhere, so reading through them should give you some idea of where to start. RealAudio's web site, has instructions on how to set up a firewall to work with their servers. You might read that information and then do the opposite, i.e. where they say "do one of the following", make sure you are blocking all of those options. See http://service.real.com/firewall/adminfw.html and http://service.real.com/firewall/adminrs.html It might be possible to block the specific servers your users are using by IP number, but that depends on their listening habits. - Bob > Mikel King wrote: > > > > Typically... > > > > rtsp:554 > > pna:7070 > > > > Cheers, > > mikel > > > > Ben wrote: > > > > > -----BEGIN PGP SIGNED MESSAGE----- > > > Hash: SHA1 > > > > > > Yes, find the port number for RealAudio and put a rule to deny log > > > that port going outbound. > > > > > > - ----- Original Message ----- > > > From: "Joe Konecny" <jkonecn@green-mfg.com> > > > To: "FreeBSD List" <freebsd-questions@FreeBSD.ORG> > > > Sent: Tuesday, February 27, 2001 11:57 AM > > > Subject: block realaudio > > > > > > > Is there any way I can block users access to using realaudio? > > > > > > > > Our users constantly tie up bandwidth with that stuff. > > > > > > > > I'm using ipfw and natd currently with ipfw set to open. > > > > > > > > Any help is appreciated! To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3A9C2F41.1BCA96CB>