Date: Wed, 28 Feb 2001 08:02:38 -0500 From: Mikel King <mikel@ocsinternet.com> To: "E. Jordan Bojar" <bojar@intersys.com> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: block realaudio Message-ID: <3A9CF6EE.A803384B@ocsinternet.com> References: <01Feb27.150450est.115283@gateway.intersys.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Joe,
I would have to concur with Jordan on this one...You could even go so far
as to use a
'${fcmd} add deny all log any to any in via ${iif}'. Providing of course that
iif is your inside interface and that you are have logging enabled you could
now grep for your inside ip block and see exactly what is going out from your
users, for starters...
Cheers,
Mikel
"E. Jordan Bojar" wrote:
> Joe--
>
> If you're going to be restricting your userbase to begin with (and that's
> your choice, obviously), you may want to consider blocking everything, then
> allowing only explicit services. I've seen networks where blocking Napster
> alone would've returned 30% of their bandwidth. Then you can open services
> back up as required/requested.
>
> --
>
> E. Jordan Bojar
>
> ----- Original Message -----
> From: "Mikel King" <mikel@ocsinternet.com>
> To: "Joe Konecny" <jkonecn@green-mfg.com>
> Cc: "Ben" <ben@cahostnet.com>; "FreeBSD List"
> <freebsd-questions@FreeBSD.ORG>
> Sent: Tuesday, February 27, 2001 2:58 PM
> Subject: Re: block realaudio
>
> > These are the default ports that server sends on. I have a couple of
> > realservers running on fBSD and these are the standard ports used for
> these
> > types of broadcasts.
> >
> > rtsp and pna will try to connect via tcp and udp...in addition there are
> some
> > custom config ports for udp connectrions on 7070, 8200, 3030-3036 as well.
> >
> > I hope that helps clarify things a bit...
> >
> > Cheers,
> > mikel
> >
> > Joe Konecny wrote:
> >
> > > I don't see either of these listed. Real Audio is configured
> > > to "auto-configure". I suppose that means it will find a port
> > > to use automatically? If so that presents a problem.
> > >
> > > Mikel King wrote:
> > > >
> > > > Typically...
> > > >
> > > > rtsp:554
> > > > pna:7070
> > > >
> > > > Cheers,
> > > > mikel
> > > >
> > > > Ben wrote:
> > > >
> > > > > -----BEGIN PGP SIGNED MESSAGE-----
> > > > > Hash: SHA1
> > > > >
> > > > > Yes, find the port number for RealAudio and put a rule to deny log
> > > > > that port going outbound.
> > > > >
> > > > > - ----- Original Message -----
> > > > > From: "Joe Konecny" <jkonecn@green-mfg.com>
> > > > > To: "FreeBSD List" <freebsd-questions@FreeBSD.ORG>
> > > > > Sent: Tuesday, February 27, 2001 11:57 AM
> > > > > Subject: block realaudio
> > > > >
> > > > > > Is there any way I can block users access to using realaudio?
> > > > > >
> > > > > > Our users constantly tie up bandwidth with that stuff.
> > > > > >
> > > > > > I'm using ipfw and natd currently with ipfw set to open.
> > > > > >
> > > > > > Any help is appreciated!
> > > > > >
> > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > > > > > with "unsubscribe freebsd-questions" in the body of the message
> > > > >
> > > > > -----BEGIN PGP SIGNATURE-----
> > > > > Version: PGPfreeware 7.0.3 for non-commercial use
> <http://www.pgp.com>;
> > > > >
> > > > > iQA/AwUBOpveYQht7rD8NlhDEQLoBACg1hkYeDYe350nKAkXt/s/vHmlQJcAoNcR
> > > > > KDGSCR/U4k/KbaZns/F/73f/
> > > > > =dgrL
> > > > > -----END PGP SIGNATURE-----
> > > > >
> > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > > > > with "unsubscribe freebsd-questions" in the body of the message
> >
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-questions" in the body of the message
> >
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3A9CF6EE.A803384B>