From owner-freebsd-questions Sun Apr 19 11:53:46 1998
Message-Id: <199804191846.TAA28974@awfulhak.org>
To: Capriotti
cc: freebsd-questions@FreeBSD.ORG
Subject: Re: HELP with PPP and filetring, please !
In-reply-to: Your message of "Sun, 19 Apr 1998 13:59:52 -0300." <3.0.32.19980419135439.00a4c890@pop.mpc.com.br>
Date: Sun, 19 Apr 1998 19:46:17 +0100
From: Brian Somers

Is this with the latest ppp?  If not, get the latest from
http://www.FreeBSD.org/~brian, otherwise you could try enabling
command logging (set log +command) to see what's actually being
executed.  It looks as if the ``set ifaddr'' isn't being seen.

> Sorry to ask you, but the archives are not working.
>
> I just can't make ppp and filtering work nice.
>
> When starting PPP with -auto, I get the following msg:
>
> it's strange, since all the filtering is commented!
>
> # ppp -alias -auto mp
> User Process PPP. Written by Toshiharu OHNO.
> Using interface: tun0
> Automatic Dialer mode
> Must specify dstaddr with auto, background or ddial mode.
> bash-2.01#
>
> My ppp.conf is as follows:
>
> default:
> set device /dev/cuaa1
> set speed 115200
> disable pred1
> deny pred1
> disable lqr
> deny lqr
> set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \"\" ATE1Q0M0L0 OK-AT-OK
> \\dATDP\\T TIMEOUT 40 CONNECT"
> set redial 5 10
> set log Phase Chat Connect Carrier hdlc LCP IPCP CCp tun
> #################
> #
> #################
> mp:
>
> #### Set FILTERing
>
> # Don't keep Alive with ICMP,DNS and RIP packets
> #
> # set afilter 0 deny icmp
> # set afilter 1 deny udp src eq 53
> # set afilter 2 deny udp dst eq 53
> # set afilter 3 deny udp src eq 520
> # set afilter 4 deny udp dst eq 520
> # set afilter 5 permit 0/0 0/0
> #
> # Don't let ICMP packets cause us to dial
> #
> # set dfilter 0 deny icmp
> # set dfilter 1 permit 0/0 0/0
> #
> #
> # Allow ident packets to pass through
> #
> # set ifilter 0 permit tcp dst eq 113
> # set ofilter 0 permit tcp src eq 113
> #
> # DO NOT Allow telnet connections to the Internet
> #
> # set ifilter 1 deny tcp src eq 23 estab
> # set ofilter 1 deny tcp dst eq 23
> #
> # Allow ftp access to the Internet
> #
> # set ifilter 2 permit tcp src eq 21 estab
> # set ofilter 2 permit tcp dst eq 21
> # set ifilter 3 permit tcp src eq 20 dst gt 1023
> # set ofilter 3 permit tcp dst eq 20
> #
> # Allow access to any DNS
> #
> # set ifilter 4 permit udp src eq 53
> # set ofilter 4 permit udp dst eq 53
> #
> # DO NOT Allow access from/to my company network
> #
> # set ifilter 5 deny 192.244.191.0/24 0/0
> # set ofilter 5 deny 0/0 192.244.191.0/24
> #
> # Allow ping and traceroute response
> #
> # set ifilter 6 permit icmp
> # set ofilter 6 permit icmp
> # set ifilter 7 permit udp dst gt 33433
> # set ofilter 7 permit udp dst gt 33433
> #
> # Deny dialing for some stupid reasons like DNS LOOKUP, according to
> # http://www.FreeBSD.org/FAQ/FAQ142.html#142
> #
> # set dfilter 2 deny udp src eq 53
> # set dfilter 3 deny udp dst eq 53
> # set dfilter 4 permit 0/0 0/0
> #
> # Set log on for traffic. I just don't know where should I find the log file.
> #
> # set log +tcp/ip
> #
>
> #### End set filtering
>
> set phone 2541855
> set login "TIMEOUT 15 blablabla"
> set authname loginname
> set authkey passwd
> set timeout 600
> set openmode active
> set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.0
> delete ALL
> add 0 0 HISADDR
> #
> ####
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
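
The inbound (`ifilter`) rules from the quoted ppp.conf, run through a simplified first-match evaluator. This is an added example, not part of either message and not ppp's own code. It assumes the behaviour documented for ppp packet filtering (rules are checked in rule-number order, and a packet that matches no rule in a defined set is discarded), models `estab` as a plain boolean on the packet, and uses hypothetical function names and packet field names.

```python
import ipaddress

# Inbound rules copied from the quoted ppp.conf with the leading "# " removed.
IFILTER = """\
set ifilter 0 permit tcp dst eq 113
set ifilter 1 deny tcp src eq 23 estab
set ifilter 2 permit tcp src eq 21 estab
set ifilter 3 permit tcp src eq 20 dst gt 1023
set ifilter 4 permit udp src eq 53
set ifilter 5 deny 192.244.191.0/24 0/0
set ifilter 6 permit icmp
set ifilter 7 permit udp dst gt 33433
"""
OPS = {"eq": lambda a, b: a == b, "gt": lambda a, b: a > b, "lt": lambda a, b: a < b}

def parse(text):
    """Turn 'set ifilter N action ...' lines into rule dicts ordered by N."""
    rules = []
    for line in text.splitlines():
        n, action, *rest = line.split()[2:]
        rule = {"n": int(n), "action": action, "nets": [], "proto": None,
                "ports": [], "estab": False}
        while rest and "/" in rest[0]:          # optional src, then dst network
            net = rest.pop(0)
            rule["nets"].append(ipaddress.ip_network("0.0.0.0/0" if net == "0/0" else net))
        if rest:
            rule["proto"] = rest.pop(0)
        while rest:
            if rest[0] == "estab":
                rule["estab"], rest = True, rest[1:]
            else:                               # e.g. "src eq 53", "dst gt 1023"
                rule["ports"].append((rest[0], rest[1], int(rest[2])))
                rest = rest[3:]
        rules.append(rule)
    return sorted(rules, key=lambda r: r["n"])

def matches(rule, pkt):
    nets_ok = all(ipaddress.ip_address(pkt[field]) in net
                  for net, field in zip(rule["nets"], ("src_ip", "dst_ip")))
    return (nets_ok and rule["proto"] in (None, pkt["proto"])
            and (pkt.get("estab", False) or not rule["estab"])
            and all(OPS[op](pkt[side + "_port"], port) for side, op, port in rule["ports"]))

def verdict(rules, pkt):
    """First matching rule decides; with rules defined, no match means discard."""
    for rule in rules:
        if matches(rule, pkt):
            return rule["action"], rule["n"]
    return ("deny", None) if rules else ("permit", None)
```

With these eight rules enabled, `verdict(parse(IFILTER), pkt)` for a constructed HTTP reply (`proto` tcp, `src_port` 80, `estab` true) returns `("deny", None)`: no rule in the set permits it, so the packet is discarded.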