From owner-freebsd-current  Wed Jul 28  9:55:57 1999
Delivered-To: freebsd-current@freebsd.org
Received: from ipt2.iptelecom.net.ua (ipt2.iptelecom.net.ua [212.42.68.2])
	by hub.freebsd.org (Postfix) with ESMTP id 7276B14E8E
	for <current@freebsd.org>; Wed, 28 Jul 1999 09:55:46 -0700 (PDT)
	(envelope-from sobomax@altavista.net)
Received: from vega. (dialup3-19.iptelecom.net.ua [212.42.69.210])
	by ipt2.iptelecom.net.ua (8.9.3/8.9.3) with ESMTP id UAA24074
	for <current@freebsd.org>; Wed, 28 Jul 1999 20:00:33 +0300 (EEST)
Received: from altavista.net (big_brother [192.168.1.1])
	by vega. (8.9.3/8.9.3) with ESMTP id TAA17453
	for <current@freebsd.org>; Wed, 28 Jul 1999 19:52:18 +0300 (EEST)
	(envelope-from sobomax@altavista.net)
Message-ID: <379F3541.1A52F974@altavista.net>
Date: Wed, 28 Jul 1999 19:52:17 +0300
From: Maxim Sobolev <sobomax@altavista.net>
Reply-To: sobomax@altavista.net
Organization: Vega International Capital
X-Mailer: Mozilla 4.61 [en] (WinNT; I)
X-Accept-Language: ru,uk,en
MIME-Version: 1.0
To: current@freebsd.org
Subject: Strange ppp dial filter failure.
Content-Type: text/plain; charset=koi8-r
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Today I've discovered that dial rules not always executed correctly. In
the example above request from 212.42.69.214 should not be blocked
because 212.42.69.214 is in fact MYADDR! I'm using ppp from -current
cvsup'ed and built today (-auto -alias). And what is really strange that
this not always the case (in most cases it not blocking this packets and
dials just fine).

Following is the log:

TCP/IP: DIAL UDP: 192.168.1.1:2191 ---> 193.193.193.100:53 - BLOCKED
TCP/IP: DIAL UDP: 192.168.1.1:2191 ---> 193.193.193.100:53 - BLOCKED
TCP/IP: DIAL UDP: 212.42.69.214:3604 ---> 212.42.68.2:53 - BLOCKED
ppp ON vega> q
Connection closed
sh-2.03# ifconfig -a
ed1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.168.1.50 netmask 0xffffff00 broadcast 192.168.1.255
        ether 00:40:05:3b:1c:23
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
        inet 212.42.69.214 --> 212.42.68.4 netmask 0xffffffff
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet 127.0.0.1 netmask 0xff000000

Relevant pieces from ppp.conf:

disable sroutes
 set filter dial 0  deny   0/0            0/0 tcp syn
 set filter dial 1  deny   0/0            0/0 tcp finrst
 set filter dial 2  permit MYADDR         0/0 udp dst eq 3130
 set filter dial 3  permit MYADDR         0/0 udp dst eq 53
 set filter dial 4  permit MYADDR         0/0 tcp dst eq 25
 set filter dial 5  permit 0/0            0/0 udp dst eq 2074


Sincerely,

Maxim
--
"We believe in the Power and the Might!"
                        (Manowar, 1996)
----------------------------------------
Maxim V. Sobolev, Financial Analyst,
Vega International Capital
Phone: +380-(44)-246-6396
Fax: +380-(44)-220-8715
E-mail: sobomax@altavista.net
ICQ: #42290709
----------------------------------------




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message