[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: access to icq

On Tue, Jun 26, 2001 at 11:45:39AM +0700, Abu H R wrote:
> In squid 2.4, i don't know why the client still be able
> connect to icq, even the port to http was blocked.
> how the icq work and use what port?

ICQ has nothing to do with Squid.  ICQ uses port 4000 and also
some others AFAIK.  If ICQ still works, it means you have
routing enabled.

You said your network looks like this, right?


If you want to stop the users talking to things on the Internet,
then disable IP forwarding on the Squid box (and set the policy
for the forward chain to "DENY" (or "DROP") or "REJECT" for good

If you want to stop it just for certain users, you'll need to
keep IP forwarding enabled and set up firewalling rules to block
certain IP addresses.

Another thing you might try:  ICQ supports using a socks proxy.
You can install Dante (socks 4/5 proxy) and configure it to
allow certain IP addresses and not others.

Michael Wood        | Tel: +27 21 762 0276 | http://www.kingsley.co.za/
wood@kingsley.co.za | Fax: +27 21 761 9930 | Kingsley Technologies

Reply to: