Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 28 Jul 1999 19:52:17 +0300
From:      Maxim Sobolev <sobomax@altavista.net>
To:        current@freebsd.org
Subject:   Strange ppp dial filter failure.
Message-ID:  <379F3541.1A52F974@altavista.net>
next in thread | raw e-mail | index | archive | help 
Today I've discovered that dial rules not always executed correctly. In
the example above request from 212.42.69.214 should not be blocked
because 212.42.69.214 is in fact MYADDR! I'm using ppp from -current
cvsup'ed and built today (-auto -alias). And what is really strange that
this not always the case (in most cases it not blocking this packets and
dials just fine).

Following is the log:

TCP/IP: DIAL UDP: 192.168.1.1:2191 ---> 193.193.193.100:53 - BLOCKED
TCP/IP: DIAL UDP: 192.168.1.1:2191 ---> 193.193.193.100:53 - BLOCKED
TCP/IP: DIAL UDP: 212.42.69.214:3604 ---> 212.42.68.2:53 - BLOCKED
ppp ON vega> q
Connection closed
sh-2.03# ifconfig -a
ed1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.168.1.50 netmask 0xffffff00 broadcast 192.168.1.255
        ether 00:40:05:3b:1c:23
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
        inet 212.42.69.214 --> 212.42.68.4 netmask 0xffffffff
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet 127.0.0.1 netmask 0xff000000

Relevant pieces from ppp.conf:

disable sroutes
 set filter dial 0  deny   0/0            0/0 tcp syn
 set filter dial 1  deny   0/0            0/0 tcp finrst
 set filter dial 2  permit MYADDR         0/0 udp dst eq 3130
 set filter dial 3  permit MYADDR         0/0 udp dst eq 53
 set filter dial 4  permit MYADDR         0/0 tcp dst eq 25
 set filter dial 5  permit 0/0            0/0 udp dst eq 2074


Sincerely,

Maxim
--
"We believe in the Power and the Might!"
                        (Manowar, 1996)
----------------------------------------
Maxim V. Sobolev, Financial Analyst,
Vega International Capital
Phone: +380-(44)-246-6396
Fax: +380-(44)-220-8715
E-mail: sobomax@altavista.net
ICQ: #42290709
----------------------------------------




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?379F3541.1A52F974>