Date:      Sun, 19 Apr 1998 19:46:17 +0100
From:      Brian Somers <brian@Awfulhak.org>
To:        Capriotti <capriotti@geocities.com>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: HELP with PPP and filetring, please ! 
Message-ID:  <199804191846.TAA28974@awfulhak.org>
In-Reply-To: Your message of "Sun, 19 Apr 1998 13:59:52 -0300." <3.0.32.19980419135439.00a4c890@pop.mpc.com.br> 

Is this with the latest ppp ?  If not, get the latest from 
http://www.FreeBSD.org/~brian, otherwise you could try enabling 
command logging (set log +command) to see what's actually being 
executed.  It looks as if the ``set ifaddr'' isn't being seen.

> Sorry to ask you, but the archives are not working.
> 
> I just can't make ppp and filtering work nice.
> 
> When starting PPP with -auto, I get the following msg:
> 
> It's strange, since all the filtering is commented!
> 
> # ppp -alias -auto mp
> User Process PPP. Written by Toshiharu OHNO.
> Using interface: tun0
> Automatic Dialer mode
> Must specify dstaddr with auto, background or ddial mode.
> bash-2.01#
> 
> 
> 
> My ppp.conf is as follows:
> 
> 
> default:
>  set device /dev/cuaa1
>  set speed 115200
>  disable pred1
>  deny pred1
>  disable lqr
>  deny lqr
>  set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \"\" ATE1Q0M0L0 OK-AT-OK
>  \\dATDP\\T TIMEOUT 40 CONNECT"
>  set redial 5 10
>  set log Phase Chat Connect Carrier hdlc LCP IPCP CCp tun
> #################
> #
> #################
> mp:
> 
> #### Set FILTERing
> 
> # Don't keep Alive with ICMP,DNS and RIP packets
> #
> # set afilter 0 deny icmp
> # set afilter 1 deny udp src eq 53
> # set afilter 2 deny udp dst eq 53
> # set afilter 3 deny udp src eq 520
> # set afilter 4 deny udp dst eq 520
> # set afilter 5 permit 0/0 0/0
> #
> # Don't let ICMP packets cause us to dial
> #
> # set dfilter 0 deny icmp
> # set dfilter 1 permit 0/0 0/0
> #
> #
> # Allow ident packets to pass through
> #
> # set ifilter 0 permit tcp dst eq 113
> # set ofilter 0 permit tcp src eq 113
> #
> # DO NOT Allow telnet connections to the Internet
> #
> # set ifilter 1 deny tcp src eq 23 estab
> # set ofilter 1 deny tcp dst eq 23
> #
> # Allow ftp access to the Internet
> #
> # set ifilter 2 permit tcp src eq 21 estab
> # set ofilter 2 permit tcp dst eq 21
> # set ifilter 3 permit tcp src eq 20 dst gt 1023 
> # set ofilter 3 permit tcp dst eq 20
> #
> # Allow access to any DNS
> #
> # set ifilter 4 permit udp src eq 53
> # set ofilter 4 permit udp dst eq 53
> #
> # DO NOT Allow access from/to my company network
> #
> # set ifilter 5 deny 192.244.191.0/24 0/0
> # set ofilter 5 deny 0/0 192.244.191.0/24
> #
> # Allow ping and traceroute response
> #
> # set ifilter 6 permit icmp
> # set ofilter 6 permit icmp
> # set ifilter 7 permit udp dst gt 33433
> # set ofilter 7 permit udp dst gt 33433
> #
> # Deny dialing for some stupid reasons like DNS LOOKUP, according to
> # http://www.FreeBSD.org/FAQ/FAQ142.html#142
> #
> # set dfilter 2 deny udp src eq 53
> # set dfilter 3 deny udp dst eq 53
> # set dfilter 4 permit 0/0 0/0
> #
> # Set log on for traffic. I just don't know where I should find the log file.
> #
> #  set log +tcp/ip
> #
> 
> #### End set filtering
> 
> 
>  set phone 2541855
>  set login "TIMEOUT 15 blablabla" 
>  set authname loginname
>  set authkey passwd
>  set timeout 600
>  set openmode active
>  set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.0
>  delete ALL
>  add 0 0 HISADDR
> #
> ####
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message


