Date: 25 Sep 00 11:01:36 CST
From: Eduardo Huertas <eduhuertas@usa.net>
To: zulkarnain <zul@unsyiah.ac.id>
Cc: Willem Brown <willem@brwn.org>, pstapley <pstapley@rapidnet.com>, freebsd-questions@FreeBSD.org
Subject: Re: ppp -auto -nat myisp
Message-ID: <20000925170137.25167.qmail@www0r.netaddress.usa.net>

Hi Zul
The default section of /etc/ppp/ppp.conf as I have it at this moment is as below:
default:
 set log Phase Chat LCP IPCP CCP tun command
 set log +tcp/ip
 set device /dev/cuaa0
 set speed 115200
 disable lqr
 deny lqr
 set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \"\" AT \
           OK-AT-OK ATE1Q0 OK \\dATDT\\T TIMEOUT 40 CONNECT"
 set timeout 300
 set ifaddr 205.161.189.1/0 205.161.189.2/0 255.255.255.0
 add default HISADDR
 set reconnect 3 20
 allow users eduardo
 set server +3000 diagnostico
#
# If we don't want ICMP and DNS packets to keep the connection alive:
#
 set filter alive 0 deny icmp
# set filter alive 1 deny udp src eq 53
# set filter alive 2 deny udp dst eq 53

# Blocking from nmbd process
 set filter alive 1 deny udp src eq 137
 set filter alive 2 deny udp src eq 138
 set filter alive 3 deny udp src eq 139
 set filter alive 4 permit 0 0
#
#
# And we don't want ICMPs to cause a dialup:
 set filter dial 0 deny icmp
# or any TCP SYN or RST packets (badly closed TCP channels):
 set filter dial 1 deny 0 0 tcp syn finrst
# DNS lookups
# set filter dial 2 deny udp src eq 53
# set filter dial 3 deny udp dst eq 53
# DNS lookups from Windows machines
 set filter dial 2 deny udp src eq 137 # NetBIOS name service
 set filter dial 3 deny udp src eq 138 # NetBIOS datagram service
 set filter dial 4 deny udp src eq 139 # NetBIOS session service
 set filter dial 5 deny udp dst eq 137 # NetBIOS name service
 set filter dial 6 deny udp dst eq 138 # NetBIOS datagram service
 set filter dial 7 deny udp dst eq 139 # NetBIOS session service
 set filter dial 8 permit 0/0 0/0

As you can see, I commented the DNS lookups part, because when I wanted to pop
my ISP, the packets were BLOCKED because of the use of port 53.
My problem was to block DNS lookups from SMB packets, ports 137, 138 and 139.
And these filters work for that.
Thanks a lot LIST.
-edu-
zulkarnain <zul@unsyiah.ac.id> wrote:
>
> now please send us your final configuration :)
>
> regards,
> zul
>
> On 22 Sep 2000, Eduardo Huertas wrote:
>
> > EXCELLENT!
> >
> > Everything is super OK now.
> >
> > Thanks a lot Willem and Pete.
> >
> > I thank you all very much :-)
> >
> > -edu-
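
Added example, not part of the message above and not ppp's own code: a simplified model of the dial filter that evaluates constructed packets against the posted rules and against a constructed variant with the two DNS rules enabled and renumbered. It assumes rules are tried in number order, the first match decides and an unmatched packet is denied; the TCP flag rule (dial 1) is left out, and `parse`, `decide`, `POSTED` and `WITH_DNS` are hypothetical names.

```python
import re

# Dial filter as posted (DNS rules commented out). Rule 1 ("tcp syn finrst")
# is omitted: TCP flag matching is not modelled in this sketch.
POSTED = """
set filter dial 0 deny icmp
set filter dial 2 deny udp src eq 137 # NetBIOS name service
set filter dial 3 deny udp src eq 138
set filter dial 4 deny udp src eq 139
set filter dial 5 deny udp dst eq 137
set filter dial 6 deny udp dst eq 138
set filter dial 7 deny udp dst eq 139
set filter dial 8 permit 0/0 0/0
"""
# Constructed variant: the commented-out DNS rules enabled and renumbered.
WITH_DNS = POSTED.replace(
    "set filter dial 8 permit 0/0 0/0",
    "set filter dial 8 deny udp src eq 53\n"
    "set filter dial 9 deny udp dst eq 53\n"
    "set filter dial 10 permit 0/0 0/0")

RULE = re.compile(r"set filter (\w+) (\d+) (permit|deny)\s*(.*)")

def parse(text, name):
    """Return [(number, action, proto, {side: port})] for one filter set."""
    rules = []
    for line in text.splitlines():
        m = RULE.match(line.split("#")[0].strip())  # drop trailing comments
        if not m or m.group(1) != name:
            continue
        # "0" and "0/0" are match-any addresses; ignore them here.
        words = [w for w in m.group(4).split() if w not in ("0", "0/0")]
        proto = words[0] if words else None
        ports = {}
        for i, w in enumerate(words):               # "src eq N" / "dst eq N"
            if w in ("src", "dst") and words[i + 1] == "eq":
                ports[w] = int(words[i + 2])
        rules.append((int(m.group(2)), m.group(3), proto, ports))
    return sorted(rules, key=lambda r: r[0])

def decide(rules, proto, src, dst):
    """First matching rule wins; returns (action, rule number)."""
    pkt = {"src": src, "dst": dst}
    for num, action, rproto, ports in rules:
        if rproto not in (None, proto):
            continue
        if all(pkt[side] == port for side, port in ports.items()):
            return action, num
    return "deny", None  # assumption: a non-empty filter drops unmatched packets
```

With the rules as posted, a UDP query to port 53 reaches the final permit rule and may bring the link up, while NetBIOS traffic on 137 to 139 is denied; in the constructed variant the same DNS query is denied before the permit rule is reached.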
