teamviewer access over all-too-common firewall .
it is convinient ,but it is dangerous to company .
in my intranet experiment ,
i manage to prevent access from windows81's teamviewer
to linux's teamviewer.
i touch squid after long iinterval , so there perhaps are mistakes . the
followings may be false illusion .
after serching internet ,my setting is next.
internet
|
|
wifi router---windows81
|
|
urtwn0 dhcp
openbsd
fxp0 192.168.64.1/24(dhcpd)
|
|
dhcp
linux
(firefox edit>preference>adavance>setting>http proxy 192.168.64.1 port 3128
1st
# ./comment-out.bat /etc/squid/squid.conf
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged)
machines
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow localnet
http_access allow localhost
http_access deny all
http_port 3128
coredump_dir /var/squid/cache
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 432
2nd
# ./comment-out.bat
/etc/pf.conf
ext_if="urtwn0"
int_if="fxp0"
set skip on lo
set skip on {pfsync}
set reassemble yes no-df
pass in quick log on $ext_if inet proto tcp to port 80 divert-to 127.0.0.1
port 3128
pass out quick from 127.0.0.1 divert-reply
3rd
linux access internet .
---
tuyosi takesima
