Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Cp and skype?

    Captive Portal
    3
    11
    2922
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • H
      hsoldo last edited by

      How do I set CP so anyone can get skype working?

      Right now when I set CP everyone looses all connection to internet including skype.

      1 Reply Last reply Reply Quote 0
      • D
        dhatz last edited by

        What do you mean?

        The whole idea of the CP is to block all traffic (except any MACs, IPs and hosts explicitly white-listed) from clients, until they are properly authenticated, at which point the CP gets out of the way.

        If you want the CP to block all client traffic except Skype, I would imagine this to be very hard, considering how Skype works.

        1 Reply Last reply Reply Quote 0
        • H
          hsoldo last edited by

          well

          The idea is to block people from surfing while on workplace. The only thing I need to do is to allow them to use skype and gmail.

          Does any other part of pfsense have the ability to do this job?

          1 Reply Last reply Reply Quote 0
          • marcelloc
            marcelloc last edited by

            @hsoldo:

            well

            The idea is to block people from surfing while on workplace. The only thing I need to do is to allow them to use skype and gmail.

            Does any other part of pfsense have the ability to do this job?

            skype use https to connect clients(just like p2p).

            To allow gmail you just need to create an alias with www.gmail.com, mail.google.com, etc.
            After you have this alias created, just apply it on lan firewall rules before rule that deny access to internet.

            1 Reply Last reply Reply Quote 0
            • D
              dhatz last edited by

              @marcelloc:

              @hsoldo:

              The idea is to block people from surfing while on workplace. The only thing I need to do is to allow them to use skype and gmail.

              skype use https to connect clients(just like p2p).

              Hmm, but if you allow all https traffic to pass (considering that iirc tcp/443 is the last resort of the Skype protocol) how would you differentiate it from e.g. https://www.facebook.com ? One solution would be to filter https URLs in Squid, which in turn would require WPAD etc.

              Btw, since the OP intends to use it in a workplace, I would point out that TCP really isn't the optimal way to carry voice data, if his link has even a small pkt loss…

              1 Reply Last reply Reply Quote 0
              • H
                hsoldo last edited by

                So you say all should be done with firewall rules and not with captive portal or should it be combination of them?
                I am new at all this so sorry if my questions sound stupid.  And for the skype part?does it mean it si possible with pfsense or not?

                1 Reply Last reply Reply Quote 0
                • H
                  hsoldo last edited by

                  Is there atleast a blacklist possibility? So i could make list of sites that cannot be reached by some users?
                  And does anyone have link to a good captive portal tutorial for pfsense 2.0.1?

                  1 Reply Last reply Reply Quote 0
                  • D
                    dhatz last edited by

                    So you say all should be done with firewall rules and not with captive portal or should it be combination of them?

                    Yes, forget about CP.

                    If all you want is to provide people at your workplace with access to skype + gmail and block everything else, then I'd try to use L7-filtering to identify Skype traffic (however I've never actually tested it and don't know how well it performs).

                    1 Reply Last reply Reply Quote 0
                    • H
                      hsoldo last edited by

                      Give me some instructions please how to do it.
                      Btw i still have some users that must have full access to internet.

                      1 Reply Last reply Reply Quote 0
                      • D
                        dhatz last edited by

                        For Skype L7 check http://forum.pfsense.org/index.php?topic=40558.0

                        However, since you note you're new to this and assuming you have full control over the config of the various PCs using Skype, I'd suggest to avoid L7 and see if you can get Skype to use a specific port.

                        1 Reply Last reply Reply Quote 0
                        • H
                          hsoldo last edited by

                          In that case you suggest cp or firewall rules?

                          1 Reply Last reply Reply Quote 0
                          • First post
                            Last post

                          Products

                          • Platform Overview
                          • TNSR
                          • pfSense
                          • Appliances

                          Services

                          • Training
                          • Professional Services

                          Support

                          • Subscription Plans
                          • Contact Support
                          • Product Lifecycle
                          • Documentation

                          News

                          • Media Coverage
                          • Press
                          • Events

                          Resources

                          • Blog
                          • FAQ
                          • Find a Partner
                          • Resource Library
                          • Security Information

                          Company

                          • About Us
                          • Careers
                          • Partners
                          • Contact Us
                          • Legal
                          Our Mission

                          We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

                          Subscribe to our Newsletter

                          Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

                          © 2021 Rubicon Communications, LLC | Privacy Policy