Date: Wed, 14 Jul 1999 01:00:23 +0100
From: Brian Somers <brian@Awfulhak.org>
To: MICHAEL_HEITMEIER@HP-Germany-om12.om.hp.com
Cc: freebsd-questions@FreeBSD.ORG, HEITMEIER_MICHAEL/HP-Germany_om12@isoit644.bbn.hp.com
Subject: Re: PPP and Filter Setup Question
Message-ID: <199907140000.BAA78516@dev.lan.awfulhak.org>
In-Reply-To: Your message of "Tue, 13 Jul 1999 11:11:43 +0200." <H0000d7d05919851@MHS>

Hi,

You're better off using ``dst eq 137'', and while you're there,
block 138 & 139 too. This prevents connections against the
eventuality that libalias will renumber the source port...

Everything is now getting blocked because the default rule (assuming
*any* rules are specified) is to block packets that fall out the end.
You need a

  set filter dial 1 permit 0 0

to let things drop through by default.

> Hi all,
>
> to keep my NT laptop from dialing my ISP when it's connected to my home
> network I enabled TCP/IP logging in /etc/ppp/ppp.conf and duly received
> the following log entry:
> Jul 12 21:07:11 gimli ppp[7478]: tun0: TCP/IP: DIAL UDP: 10.0.0.4:137 --->
> 15.180.3.114:137
>
> Gimli is the gateway, 10.0.0.4 is the address of the laptop in my home
> environment. I tried to find out what process still wants to access 15...
> but did not find anything, certainly nothing I can see from my network
> configuration (DNS and WINS are disabled), the only gateway is 10.0.0.1
> (gimli).
>
> Based on this I set the following entry in /etc/ppp/ppp.conf:
> set filter dial 0 deny udp src eq 137
>
> At first (when the laptop adapter indicated it was accessing the network)
> it looked like success when ppp did not dial, but then I found that this
> filter apparently blocked ALL dial out traffic... :-(
>
> Jul 12 22:07:50 gimli ppp[7483]: tun0: TCP/IP: DIAL UDP: 10.0.0.4:1046
> ---> 15.181.150.30:53 - BLOCKED
> Jul 12 22:09:15 gimli ppp[7483]: tun0: TCP/IP: DIAL UDP: 10.0.0.4:137 --->
> 15.128.15.115:137 - BLOCKED
> Jul 12 22:34:44 gimli ppp[7483]: tun0: TCP/IP: DIAL UDP: 10.0.0.2:1029
> ---> 145.253.2.11:53 - BLOCKED
>
>
> What am I doing wrong? There is very little information about the
> definition of 'src' in man ppp so I'm not sure if what I'm doing is even
> correct. What are the numbers behind the IP address anyway (1046,137,1029)?
>
>
> Thanks for any help,
>
> Michael
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
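
An added example, not part of the original message and not ppp's own code: a small Python model of the dial-filter behaviour described in the reply (a packet that matches no rule is blocked once any rule exists), run over the log lines quoted in the question. Evaluating rules in rule-number order with the first match deciding, the rule-table layout and all function names are assumptions of this model, and the last log line is constructed to show a renumbered source port.

```python
import re

# Simplified model of a ppp(8) "dial" filter set, following the reply above:
# rules are tried in rule-number order (assumed), the first match decides,
# and once any rule exists a packet that matches none of them is blocked.
LOG_RE = re.compile(r"DIAL (\w+): ([\d.]+):(\d+) ---> ([\d.]+):(\d+)")

def parse(line):
    """Extract (proto, src_port, dst_port) from a ppp TCP/IP log line."""
    proto, _src, sport, _dst, dport = LOG_RE.search(line).groups()
    return proto.lower(), int(sport), int(dport)

def verdict(rules, pkt):
    """rules: {rule_no: (action, proto, field, port)}; proto None = any packet."""
    if not rules:
        return "permit"                      # no filter configured at all
    proto, sport, dport = pkt
    for no in sorted(rules):
        action, r_proto, field, port = rules[no]
        if r_proto is None:                  # models "permit 0 0"
            return action
        if r_proto == proto and {"src": sport, "dst": dport}[field] == port:
            return action
    return "deny"                            # fell out the end of the rules

ANY = ("permit", None, None, None)
# set filter dial 0 deny udp src eq 137          (the question's config)
ORIGINAL = {0: ("deny", "udp", "src", 137)}
# same rule plus "set filter dial 1 permit 0 0"  (still matches on src)
SRC_ONLY = {0: ("deny", "udp", "src", 137), 1: ANY}
# deny udp dst eq 137, then permit 0 0           (the reply's advice)
FIXED = {0: ("deny", "udp", "dst", 137), 1: ANY}

# Log lines from the question, plus one constructed line (last) in which the
# source port has been renumbered, as the reply says libalias may do.
LINES = [
    "tun0: TCP/IP: DIAL UDP: 10.0.0.4:1046 ---> 15.181.150.30:53",
    "tun0: TCP/IP: DIAL UDP: 10.0.0.4:137 ---> 15.128.15.115:137",
    "tun0: TCP/IP: DIAL UDP: 10.0.0.2:1029 ---> 145.253.2.11:53",
    "tun0: TCP/IP: DIAL UDP: 10.0.0.4:40001 ---> 15.180.3.114:137",  # constructed
]

def run(rules):
    return [verdict(rules, parse(line)) for line in LINES]

if __name__ == "__main__":
    for name, rules in (("original", ORIGINAL), ("src-only", SRC_ONLY), ("fixed", FIXED)):
        print(f"{name:9s}", run(rules))
```

In this model the question's single rule denies every line, matching the BLOCKED entries in the log, while the `dst eq 137` rule followed by the catch-all permit denies only the port 137 packets, including the one whose source port was renumbered.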