CP and Skype?



  • How do I set CP so anyone can get Skype working?

    Right now when I set CP everyone loses all connection to the internet, including Skype.



  • What do you mean?

    The whole idea of the CP is to block all traffic (except any MACs, IPs and hosts explicitly white-listed) from clients, until they are properly authenticated, at which point the CP gets out of the way.

    If you want the CP to block all client traffic except Skype, I would imagine this to be very hard, considering how Skype works.



  • well

    The idea is to block people from surfing while at the workplace. The only thing I need to do is to allow them to use Skype and Gmail.

    Does any other part of pfSense have the ability to do this job?



  • @hsoldo:

    well

    The idea is to block people from surfing while at the workplace. The only thing I need to do is to allow them to use Skype and Gmail.

    Does any other part of pfSense have the ability to do this job?

    Skype uses HTTPS to connect clients (just like p2p).

    To allow Gmail you just need to create an alias with www.gmail.com, mail.google.com, etc.
    After you have this alias created, just apply it on the LAN firewall rules before the rule that denies access to the internet.



  • @marcelloc:

    @hsoldo:

    The idea is to block people from surfing while at the workplace. The only thing I need to do is to allow them to use Skype and Gmail.

    Skype uses HTTPS to connect clients (just like p2p).

    Hmm, but if you allow all https traffic to pass (considering that iirc tcp/443 is the last resort of the Skype protocol) how would you differentiate it from e.g. https://www.facebook.com ? One solution would be to filter https URLs in Squid, which in turn would require WPAD etc.

    Btw, since the OP intends to use it in a workplace, I would point out that TCP really isn't the optimal way to carry voice data, if his link has even a small pkt loss…
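
The alias-before-deny ordering and the tcp/443 objection raised in the two replies above, as an added example that is not part of the thread and is not pfSense code. It is a simplified first-match model; the alias is assumed to be the set of IPs its hostnames resolve to, and every address is a constructed documentation-range value.

```python
# Simplified model of first-match LAN rule evaluation (not pfSense code).
# All addresses below are constructed sample values.
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.1.0/24")

# Alias modelled as the IPs its hostnames currently resolve to (assumption).
GMAIL_ALIAS = {ip_address("192.0.2.10"), ip_address("192.0.2.11")}
FACEBOOK_IP = ip_address("198.51.100.20")  # stand-in for any other HTTPS site

def rule(action, dst=None, port=None):
    """Build a rule; dst=None or port=None means 'any'."""
    return {"action": action, "dst": dst, "port": port}

def evaluate(rules, src, dst, port):
    """Return the action of the first matching rule; default is block."""
    src, dst = ip_address(src), ip_address(dst)
    if src not in LAN:
        return "block"
    for r in rules:
        if r["dst"] is not None and dst not in r["dst"]:
            continue
        if r["port"] is not None and port != r["port"]:
            continue
        return r["action"]
    return "block"

# Alias rule placed before the deny rule, as described in the thread.
ALIAS_RULES = [rule("pass", dst=GMAIL_ALIAS, port=443), rule("block")]
# Blanket HTTPS pass, which is what Skype's tcp/443 fallback would need.
ANY_443_RULES = [rule("pass", port=443), rule("block")]
# Same alias rule placed after the deny rule: it is never reached.
MISORDERED_RULES = [rule("block"), rule("pass", dst=GMAIL_ALIAS, port=443)]

def demo():
    client = "192.168.1.50"
    fb = str(FACEBOOK_IP)
    return {
        "alias_gmail": evaluate(ALIAS_RULES, client, "192.0.2.10", 443),
        "alias_facebook": evaluate(ALIAS_RULES, client, fb, 443),
        "any443_facebook": evaluate(ANY_443_RULES, client, fb, 443),
        "misordered_gmail": evaluate(MISORDERED_RULES, client, "192.0.2.10", 443),
    }

if __name__ == "__main__":
    for name, action in demo().items():
        print(f"{name}: {action}")
```
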



  • So you say all should be done with firewall rules and not with captive portal or should it be combination of them?
    I am new at all this so sorry if my questions sound stupid. And for the Skype part? Does it mean it is possible with pfSense or not?



  • Is there at least a blacklist possibility? So I could make a list of sites that cannot be reached by some users?
    And does anyone have a link to a good captive portal tutorial for pfSense 2.0.1?



  • So you say all should be done with firewall rules and not with captive portal or should it be combination of them?

    Yes, forget about CP.

    If all you want is to provide people at your workplace with access to Skype + Gmail and block everything else, then I'd try to use L7-filtering to identify Skype traffic (however I've never actually tested it and don't know how well it performs).



  • Give me some instructions please on how to do it.
    Btw I still have some users that must have full access to the internet.



  • For Skype L7 check http://forum.pfsense.org/index.php?topic=40558.0

    However, since you note you're new to this and assuming you have full control over the config of the various PCs using Skype, I'd suggest to avoid L7 and see if you can get Skype to use a specific port.



  • In that case do you suggest CP or firewall rules?

