From: Glenn Johnson <glennpj@bayouhome.net>
Date: Sat, 17 Jun 2000 22:57:38 -0500
To: "Dan O'Connor" <dan@mostgraveconcern.com>
Cc: Glenn Johnson <glennpj@bayouhome.net>, questions@FreeBSD.ORG
Subject: Re: ppp filter to allow fetch traffic
Message-ID: <20000617225738.A1507@gforce.johnson.home>
References: <085801bfd750$5d5a0780$0200000a@danco>
In-Reply-To: <085801bfd750$5d5a0780$0200000a@danco>; from dan@mostgraveconcern.com on Thu, Jun 15, 2000 at 10:04:34PM -0700

On Thu, Jun 15, 2000 at 10:04:34PM -0700, Dan O'Connor wrote:

> >I have been setting up filters in ppp to only allow certain
> >traffic. I would like to allow fetch traffic so I can build
> >ports. Without any filters, fetch works fine, but when I add filters
> >it does not. I have filters to allow FTP traffic and that works fine
> >but not fetch.
> >
> >What are the filter entries necessary to allow fetch traffic out the
> >ppp link?
> >
>
> I never had any problems with 'fetch' using the following filters:
>
> set filter in 1 permit tcp src eq 20 dst gt 1023
> set filter out 1 permit tcp dst eq 20
> set filter in 2 permit tcp src eq 21 estab
> set filter out 2 permit tcp dst eq 21

I have those filters in ppp.conf. If the URL is of the form
http://some.server.com/somefile, then fetch works; if the URL is of the
form ftp://some.server.com/somefile, then fetch does not work. If I
remove all of the filters below then fetch ftp works. This makes no
sense to me because the ftp program itself works fine when the filters
below are present.

set filter in 0 permit udp src eq 53
set filter in 1 permit udp src eq 123
set filter in 2 permit tcp src eq 5999 estab
set filter in 3 permit tcp src eq 22 estab
set filter in 4 permit tcp src eq 110 estab
set filter in 5 permit tcp src eq 25 estab
set filter in 6 permit tcp src eq 21 estab
set filter in 7 permit tcp src eq 20 dst gt 1023
set filter in 8 permit tcp src eq 80
set filter in 9 permit tcp dst eq 3128

set filter out 0 permit udp dst eq 53
set filter out 1 permit udp dst eq 123
set filter out 2 permit tcp dst eq 5999
set filter out 3 permit tcp dst eq 22
set filter out 4 permit tcp dst eq 80
set filter out 5 permit tcp dst eq 110
set filter out 6 permit tcp dst eq 25
set filter out 7 permit tcp dst eq 21
set filter out 8 permit tcp dst eq 20
set filter out 9 permit tcp src eq 3128

-- 
Glenn Johnson
glennpj@bayouhome.net
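
Added example, not part of the original message and not code from ppp: a small evaluator that walks constructed FTP packets through the ruleset posted above, to show which connection types it passes. It assumes ppp's filter semantics as rules checked in number order, first match decides, a packet matching no rule is dropped, and `estab` modeled as "ACK flag set"; the client ports 40000-40002 and server data port 50000 are made up, and the thread does not say whether fetch was using active or passive mode.

```python
# Added example: ruleset copied from the message above, two rules per line.
RULES = """
set filter in 0 permit udp src eq 53          set filter in 1 permit udp src eq 123
set filter in 2 permit tcp src eq 5999 estab  set filter in 3 permit tcp src eq 22 estab
set filter in 4 permit tcp src eq 110 estab   set filter in 5 permit tcp src eq 25 estab
set filter in 6 permit tcp src eq 21 estab    set filter in 7 permit tcp src eq 20 dst gt 1023
set filter in 8 permit tcp src eq 80          set filter in 9 permit tcp dst eq 3128
set filter out 0 permit udp dst eq 53         set filter out 1 permit udp dst eq 123
set filter out 2 permit tcp dst eq 5999       set filter out 3 permit tcp dst eq 22
set filter out 4 permit tcp dst eq 80         set filter out 5 permit tcp dst eq 110
set filter out 6 permit tcp dst eq 25         set filter out 7 permit tcp dst eq 21
set filter out 8 permit tcp dst eq 20         set filter out 9 permit tcp src eq 3128
"""
OPS = {"eq": lambda a, b: a == b, "gt": lambda a, b: a > b, "lt": lambda a, b: a < b}

def parse(text):
    """Return {'in': [...], 'out': [...]}, each a list of rules sorted by rule number."""
    filters = {"in": [], "out": []}
    for chunk in text.split("set filter")[1:]:
        direction, number, action, proto, *rest = chunk.split()
        conds = [(rest[i], rest[i + 1], int(rest[i + 2]))
                 for i, tok in enumerate(rest) if tok in ("src", "dst")]
        filters[direction].append((int(number), action, proto, conds, "estab" in rest))
    return {d: sorted(rules) for d, rules in filters.items()}

def verdict(filters, direction, proto, src, dst, ack=False):
    """First matching rule decides; if none match, the packet is dropped (assumed semantics)."""
    ports = {"src": src, "dst": dst}
    for number, action, rule_proto, conds, estab in filters[direction]:
        if (rule_proto == proto and (ack or not estab)  # estab modeled as ACK set
                and all(OPS[op](ports[side], port) for side, op, port in conds)):
            return f"{action} ({direction} rule {number})"
    return "drop (no match)"

def ftp_walkthrough(filters):
    """Constructed packets: (direction, proto, src port, dst port, ACK flag)."""
    packets = {
        "control SYN out":      ("out", "tcp", 40000, 21, False),
        "control SYN-ACK in":   ("in", "tcp", 21, 40000, True),
        "active data SYN in":   ("in", "tcp", 20, 40001, False),   # server port 20 -> client
        "active data ACK out":  ("out", "tcp", 40001, 20, True),
        "passive data SYN out": ("out", "tcp", 40002, 50000, False),  # client -> server high port
    }
    return {name: verdict(filters, *pkt) for name, pkt in packets.items()}

if __name__ == "__main__":
    for name, result in ftp_walkthrough(parse(RULES)).items():
        print(f"{name:22} {result}")
```

Under these assumptions the control connection and an active-mode data connection pass, while a passive-mode data connection, which the client opens to a server-chosen high port, matches none of the `out` rules.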