Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    blocking teamviewer

    Scheduled Pinned Locked Moved pfSense Packages
    14 Posts 3 Posters 2.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • W
      wesleylc1 Rebel Alliance
      last edited by wesleylc1

      Friends, good afternoon.
      I made a configuration of two policies, first releasing some computers, then blocking my subnet for "teamviewr", but the first rule is not working.

      Can anyone explain what I do wrong?

      0_1539628570311_Captura de tela de 2018-10-15 15-35-49.png

      0_1539628744480_allow_teamviewer.png

      0_1539628750234_Captura de tela de 2018-10-15 15-38-46.png

      1 Reply Last reply Reply Quote 0
      • GertjanG
        Gertjan
        last edited by

        Hi,

        Establish a connection on a PC where it should not work, normally.
        Launch a heavy task like a transfer.

        Use pfSense network graph monitor to see who communicates with who - on one side your IP, on the other an IP (from TeamViewer) that your didn't yet included in your block list.

        IPv6 ?

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        1 Reply Last reply Reply Quote 0
        • W
          wesleylc1 Rebel Alliance
          last edited by

          Below are my rules.

          1_1539629328798_Captura de tela de 2018-10-15 15-47-45.png 0_1539629328798_Captura de tela de 2018-10-15 15-48-34.png

          1 Reply Last reply Reply Quote 0
          • johnpozJ
            johnpoz LAYER 8 Global Moderator
            last edited by

            You think those are the only fqdn involved in access teamviewer? Where did you get that info from?

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.8, 24.11

            W 1 Reply Last reply Reply Quote 0
            • W
              wesleylc1 Rebel Alliance @johnpoz
              last edited by

              @johnpoz said in blocking teamviewer:

              You think those are the only fqdn involved in access teamviewer? Where did you get that info from?

              John, I can not guarantee if they are the only ones, but the blocking rule is working.
              I'm just having problems with the release rule for some computers.

              1 Reply Last reply Reply Quote 0
              • johnpozJ
                johnpoz LAYER 8 Global Moderator
                last edited by

                what are the rest of your rules?

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                SG-4860 24.11 | Lab VMs 2.8, 24.11

                W 1 Reply Last reply Reply Quote 0
                • W
                  wesleylc1 Rebel Alliance @johnpoz
                  last edited by

                  @johnpoz said in blocking teamviewer:

                  what are the rest of your rules?

                  See below.

                  When adding the host in the "HOSTS_LIBERADOS" rule, it has access to the "teamviewer", but this rule releases everything

                  0_1539630044757_Captura de tela de 2018-10-15 15-58-42.png

                  1 Reply Last reply Reply Quote 0
                  • johnpozJ
                    johnpoz LAYER 8 Global Moderator
                    last edited by johnpoz

                    LIke I said where did you get that idea that allowing your clients to masterX.teamviewer.com would allow teamviewer to work?

                    There are hundreds of IP and fqdn used when connecting t teamviewer, you can never be sure what its going to need to resolver or connect to... So a rule that just allows access to masterX is prob not going to allow access. And to be honest I doubt it will block access either.

                    teamviewer is a nasty little thing to try and block - it will go out on 80/443 and will do its own dns and use IP directly, etc.

                    An intelligent man is sometimes forced to be drunk to spend time with his fools
                    If you get confused: Listen to the Music Play
                    Please don't Chat/PM me for help, unless mod related
                    SG-4860 24.11 | Lab VMs 2.8, 24.11

                    W 1 Reply Last reply Reply Quote 0
                    • W
                      wesleylc1 Rebel Alliance @johnpoz
                      last edited by

                      @johnpoz said in blocking teamviewer:

                      LIke I said where did you get that idea that allowing your clients to masterX.teamviewer.com would allow teamviewer to work?
                      There are hundreds of IP and fqdn used when connecting t teamviewer, you can never be sure what its going to need to resolver or connect to... So a rule that just allows access to masterX is prob not going to allow access. And to be honest I doubt it will block access either.
                      teamviewer is a nasty little thing to try and block - it will go out on 80/443 and will do its own dns and use IP directly, etc.

                      I understand,
                      do you use any way to block access to "teamviewer"?

                      1 Reply Last reply Reply Quote 0
                      • johnpozJ
                        johnpoz LAYER 8 Global Moderator
                        last edited by

                        No ;) I use even from work with a proxy ;)... Like i said its difficult to block!! When you allow normal internet access.

                        Since you seem pretty much block all internet anyway.. Your not really looking to block it.. Your looking to what needs to be open to allow it.

                        https://community.teamviewer.com/t5/TeamViewer-General/Manually-allow-teamviewer-on-NG-next-generation-firewalls/td-p/4941

                        Allow the port 5938 and *.teamviewer.com

                        An intelligent man is sometimes forced to be drunk to spend time with his fools
                        If you get confused: Listen to the Music Play
                        Please don't Chat/PM me for help, unless mod related
                        SG-4860 24.11 | Lab VMs 2.8, 24.11

                        W 1 Reply Last reply Reply Quote 0
                        • W
                          wesleylc1 Rebel Alliance @johnpoz
                          last edited by wesleylc1

                          @johnpoz

                          https://community.teamviewer.com/t5/TeamViewer-13/FQDN-list/td-p/45695

                          1 Reply Last reply Reply Quote 0
                          • johnpozJ
                            johnpoz LAYER 8 Global Moderator
                            last edited by johnpoz

                            And where is she getting that info from.. Where does teamviewer state that??

                            https://community.teamviewer.com/t5/Knowledge-Base/Which-ports-are-used-by-TeamViewer/ta-p/4139

                            They again list *.teamviewer.com

                            Because some IPs came back with PTR with that forward name doesn't mean anything..

                            Since it looks like your blocking internet in general, as long as you allow your machines out on 5938 and don't prevent them from looking up dns they should be able to access teamviewer..

                            An intelligent man is sometimes forced to be drunk to spend time with his fools
                            If you get confused: Listen to the Music Play
                            Please don't Chat/PM me for help, unless mod related
                            SG-4860 24.11 | Lab VMs 2.8, 24.11

                            W 1 Reply Last reply Reply Quote 0
                            • W
                              wesleylc1 Rebel Alliance @johnpoz
                              last edited by

                              @johnpoz said in blocking teamviewer:

                              They again list *.teamviewer.com

                              image below, it is from a computer that does not connect, so we can validate that the addresses are valid, but anyway I am not able to use the same addresses to create a releasing rule ..

                              0_1539634253299_Captura de tela de 2018-10-15 17-07-00.png

                              1 Reply Last reply Reply Quote 0
                              • W
                                wesleylc1 Rebel Alliance
                                last edited by

                                @PiBa

                                Fixed, with permissive / negative rules target to port 5938

                                0_1539874338599_Captura de tela de 2018-10-18 11-51-48.png

                                1 Reply Last reply Reply Quote 0
                                • First post
                                  Last post
                                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.