Date: Wed, 30 May 2001 11:24:10 +0100 (BST)
From: Andrew Gordon <arg@arg1.demon.co.uk>
To: Harry Kroonen <h.kroonen@brinktech.nl>
Cc: <freebsd-isdn@FreeBSD.ORG>
Subject: Re: (newbie) Idletime disconnect
Message-ID: <20010530111759.M92263-100000@server.arg.sj.co.uk>
In-Reply-To: <3B14BEF6.5005.29BE979@localhost>

On Wed, 30 May 2001, Harry Kroonen wrote:

>
> I'm running (kernel) i4b on a FreeBSD gateway for my LAN, only using
> dialup, with IPFilter for the firewall/NAT stuff.
>
> Incoming packets that are blocked by IPFilter do reset the idletime
> disconnect counter, so when a random host on the internet keeps on trying
> to connect to my system, disconnect doesn't happen for _quite_a_while_,
> driving up my phonebill unnecessarily.
>
> I guess the way to handle this is to put some counter on the firewall traffic,
> and use that to decide on disconnecting, and not use the idletime counter.

One option is to use /usr/sbin/ppp rather than the built-in i4bisppp (or
ipr, whichever you are using now).

/usr/sbin/ppp has its own firewall features, and in particular has
separate filters for which packets are allowed to cause a connection to
be dialled, and which packets cause the connection to be kept alive
(ie. reset the timeout).

You can still use ipf or ipfw for your main firewall: just leave the "in"
and "out" filters on ppp wide open, and set the "dial" and "alive" filters
to suit your purposes.

I have used this in the past to allow sensible use of ntpd with a
dial-on-demand link: the ntp packets are allowed through the firewall,
but blocked from the dial/alive filters, so ntpd won't keep the connection
dialled up all day, but whenever I happen to be online for other purposes
the ntp packets can then get through and keep the clocks up to date.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isdn" in the body of the message
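
The ntpd arrangement described in the reply above, written out as a ppp.conf fragment. This is an added example, not part of the original message: the label "isdn-demand" and the 180-second timeout are assumptions, and the device and dial settings that a real profile needs are left out.

```conf
# /etc/ppp/ppp.conf fragment (added example; "isdn-demand" is a made-up label)
isdn-demand:
# Idle timeout in seconds (assumed value). Only packets that the
# "alive" filter permits reset this timer.
 set timeout 180
#
# No "in" or "out" rules are defined here. A ppp filter with no rules
# permits every packet, so ipf or ipfw stays the only real firewall.
#
# dial filter: NTP (udp port 123) must never bring the link up.
# Once a filter has any rules, packets matching none of them are
# dropped, so the list ends with an explicit permit-everything rule.
 set filter dial 0 deny udp src eq 123
 set filter dial 1 deny udp dst eq 123
 set filter dial 2 permit 0/0 0/0
#
# alive filter: NTP still crosses an open link (the "in" and "out"
# filters are empty) but does not reset the idle timer, so ntpd
# cannot hold the connection up on its own.
 set filter alive 0 deny udp src eq 123
 set filter alive 1 deny udp dst eq 123
 set filter alive 2 permit 0/0 0/0
```

The same deny-then-permit pattern in the "alive" filter is where any other traffic that should not hold the line open would be listed.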