
Author Topic: Help Blocking IM & P2P with DFL-210  (Read 6627 times)

locsom20

  • Level 1 Member
  • *
  • Posts: 5
Help Blocking IM & P2P with DFL-210
« on: June 04, 2009, 10:07:49 AM »

I'm trying to configure the blocking of IM & P2P in my DFL-210, but I don't know how to do this. In the datasheet I read that this specific blocking is possible, but I only find the Java applet blocking and ActiveX blocking, and nothing about IM or P2P.
Is this kind of blocking possible in the DFL-210 firewall??  ??? Please, some help with this.....

*** edited by Fatman to fix the spelling in the subject.
« Last Edit: June 04, 2009, 10:14:06 AM by Fatman »

Fatman

  • Level 9 Member
  • ****
  • Posts: 1675
Re: Help Blocking IM & P2P with DFL-210
« Reply #1 on: June 04, 2009, 10:13:30 AM »

You can block any traffic you can designate via services, or you can block any traffic you don't designate with services (more secure).

The best way to do what you need to do would be to enumerate every allowed outbound service above a default drop.

Then ensure an ALG is applied for every outbound service possible to catch the simplest level of monkey business with common ports.

This won't help if the program can hide its traffic in valid traffic for an allowed outbound port though.  I know Skype is good at hiding on port 80, but if it does so and communicates inside valid HTTP headers (which may be the case, I wouldn't know) then our ALG is not going to catch it.

Truthfully to be more complete than that you would want a layer 7 gateway.

*** edited by Fatman to fix the spelling in the subject.
non progredi est regredi

locsom20

  • Level 1 Member
  • *
  • Posts: 5
Re: Help Blocking IM & P2P with DFL-210
« Reply #2 on: June 05, 2009, 03:02:17 PM »

Thanks for the answer :D, I block all the TCP/UDP ports, and open only the necessary ones. All is working now ;D

DL1NKUSER

  • Guest
Re: Help Blocking IM & P2P with DFL-210
« Reply #3 on: July 20, 2009, 11:05:56 PM »

Just a quick question. Do D-Link make a Layer 7 gateway & if so what is the model range? Thank you.

Fatman

  • Level 9 Member
  • ****
  • Posts: 1675
Re: Help Blocking IM & P2P with DFL-210
« Reply #4 on: July 22, 2009, 10:30:01 AM »

The only one that might still be available is the DFL-M510.
non progredi est regredi

silica

  • Level 1 Member
  • *
  • Posts: 6
Re: Help Blocking IM & P2P with DFL-210
« Reply #5 on: January 26, 2010, 02:00:50 AM »

How do you block all the TCP/UDP ports? And then I open port 80 for surfing, or is this not enough? I need e-mail and web browsing to work... that's it.. the rest should not work: P2P, Skype, Spotify, etc...

Thanks.
Robert

Fatman

  • Level 9 Member
  • ****
  • Posts: 1675
Re: Help Blocking IM & P2P with DFL-210
« Reply #6 on: January 26, 2010, 10:07:49 AM »

Create a rule rejecting all services then above it create rules NAT'ing the following services.  I would recommend creating a service group with all these services so that you will only need 2 rules.

ICMP
21 TCP FTP
25 TCP SMTP
53 TCP/UDP DNS
80 TCP HTTP
110 TCP POP3
443 TCP HTTPS

*** Modified by Fatman, because he forgot Poland ICMP. ***
non progredi est regredi
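
An added example, not part of the thread and not D-Link configuration syntax: a small Python model of the two-rule layout from Reply #6 (service group NAT'ed above a reject-all rule), run over constructed flows. It assumes top-down, first-match rule evaluation; the rule names, flow labels and high port numbers are illustrative. It also shows the limit raised in Reply #1: a port-based policy cannot tell web browsing from another program using port 80.

```python
from dataclasses import dataclass
from typing import Optional

# Service group from Reply #6 as (protocol, destination port); ICMP has no port.
ALLOWED_OUTBOUND = frozenset({
    ("icmp", None), ("tcp", 21), ("tcp", 25), ("tcp", 53), ("udp", 53),
    ("tcp", 80), ("tcp", 110), ("tcp", 443),
})

@dataclass(frozen=True)
class Rule:
    name: str
    action: str                      # "NAT" or "Reject"
    services: Optional[frozenset]    # None means "all services"

    def matches(self, proto, dport):
        if self.services is None:
            return True
        return (proto, None if proto == "icmp" else dport) in self.services

# Assumption: rules are checked top-down and the first match decides,
# which is why the NAT rule sits above the reject-all rule.
RULESET = [
    Rule("nat_allowed_group", "NAT", ALLOWED_OUTBOUND),
    Rule("reject_all", "Reject", None),
]

def evaluate(ruleset, proto, dport=None):
    """Return the action of the first rule that matches the flow."""
    for rule in ruleset:
        if rule.matches(proto.lower(), dport):
            return rule.action
    return "Reject"  # assumed fallback if nothing matches

# Constructed sample flows; labels and high ports are illustrative only.
FLOWS = {
    "web browsing": ("tcp", 80),
    "DNS lookup": ("udp", 53),
    "P2P on a high port": ("tcp", 6881),
    "IM on its own port": ("tcp", 5190),
    "IM/P2P hidden on port 80": ("tcp", 80),
}

def audit(ruleset, flows=FLOWS):
    """Map each flow label to the action the ruleset takes on it."""
    return {label: evaluate(ruleset, *flow) for label, flow in flows.items()}

if __name__ == "__main__":
    for label, action in audit(RULESET).items():
        print(f"{action:7}{label}")
```

Reversing the rule order makes every flow hit the reject-all rule first, and the last sample flow is NAT'ed exactly like ordinary browsing, which is the gap an ALG or layer 7 gateway is meant to narrow.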