Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 19 Aug 1998 20:18:17 -0500
From:      Dan Nelson <dnelson@emsphone.com>
To:        Nick Folino <nickf@ptd.net>, "'FreeBSD Questions'" <questions@FreeBSD.ORG>
Subject:   Re: ppp -auto -alias question
Message-ID:  <19980819201817.A2001@emsphone.com>
In-Reply-To: <01BDCBAE.F3519500.nickf@ptd.net>; from "Nick Folino" on Wed Aug 19 20:21:29 GMT 1998
References:  <01BDCBAE.F3519500.nickf@ptd.net>
next in thread | previous in thread | raw e-mail | index | archive | help 
In the last episode (Aug 19), Nick Folino said:
> I've been having this problem for over a year now and hopefully
> someone can help.
> 
> I run ppp -auto -alias internet from /etc/rc.local.
> It dials out, connects and works fine.  The problem is it never wants to 
> hang up!
> Even after it times out, it just redials right away, even if there's 
> nothing else turned on on the network.
> The only thing this computer runs all the time is sendmail, sshd, apache, 
> and dhcpd.
> 
> Could any of these be causing it to want to be online?  I know
> sendmail isn't trying to send anything because another machine is the
> default SMTP server.

A great way to debug things like this is to run tcpdump on your tunnel
device.

tcpdump -n -i tun0

Wait for the line to drop and come back up.  Then take a look at the
timestamps from tcpdump and the ppp logfile to determine which packet
triggered the dialout.  Once you find the offender, filter it with a
dial filter.  I have my ppp set up this way:

# Don't reset keep alive timer on ICMP, DNS, NTP, or RC5 packets
 set filter alive 0 deny icmp
 set filter alive 1 deny udp src eq 53
 set filter alive 2 deny udp dst eq 53
 set filter alive 3 deny udp src eq 123
 set filter alive 4 deny udp dst eq 123
 set filter alive 5 deny tcp dst eq 2064
 set filter alive 6 permit 0/0 0/0
# Don't let ICMP or NTP packets cause us to dial
 set filter dial 0 deny icmp
 set filter dial 1 deny udp src eq 123
 set filter dial 2 deny udp dst eq 123
 set filter dial 3 permit 0/0 0/0

Sendmail is fond of doing DNS lookups (for MX lookups), so you might
want to add DNS packets to your dial filter.

	-Dan Nelson
	dnelson@emsphone.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19980819201817.A2001>