Date: 25 Sep 00 11:01:36 CST
From: Eduardo Huertas <eduhuertas@usa.net>
To: zulkarnain <zul@unsyiah.ac.id>
Cc: Willem Brown <willem@brwn.org>, pstapley <pstapley@rapidnet.com>, freebsd-questions@FreeBSD.org
Subject: Re: ppp -auto -nat myisp
Message-ID: <20000925170137.25167.qmail@www0r.netaddress.usa.net>

Hi Zul,

The default section of /etc/ppp/ppp.conf, as I have it at this moment, is as below:

default:
 set log Phase Chat LCP IPCP CCP tun command
 set log +tcp/ip
 set device /dev/cuaa0
 set speed 115200
 disable lqr
 deny lqr
 set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \"\" AT \
           OK-AT-OK ATE1Q0 OK \\dATDT\\T TIMEOUT 40 CONNECT"
 set timeout 300
 set ifaddr 205.161.189.1/0 205.161.189.2/0 255.255.255.0
 add default HISADDR
 set reconnect 3 20
 allow users eduardo
 set server +3000 diagnostico
#
# If we don't want ICMP and DNS packets to keep the connection alive:
# set filter alive 0 deny icmp
# set filter alive 1 deny udp src eq 53
# set filter alive 2 deny udp dst eq 53
# Blocking from nmbd process
 set filter alive 1 deny udp src eq 137
 set filter alive 2 deny udp src eq 138
 set filter alive 3 deny udp src eq 139
 set filter alive 4 permit 0 0
#
#
# And we don't want ICMPs to cause a dialup:
 set filter dial 0 deny icmp
# or any TCP SYN or RST packets (badly closed TCP channels):
 set filter dial 1 deny 0 0 tcp syn finrst
# DNS lookups
# set filter dial 2 deny udp src eq 53
# set filter dial 3 deny udp dst eq 53
# DNS lookups from Windows machines
 set filter dial 2 deny udp src eq 137   # NetBIOS name service
 set filter dial 3 deny udp src eq 138   # NetBIOS datagram service
 set filter dial 4 deny udp src eq 139   # NetBIOS session service
 set filter dial 5 deny udp dst eq 137   # NetBIOS name service
 set filter dial 6 deny udp dst eq 138   # NetBIOS datagram service
 set filter dial 7 deny udp dst eq 139   # NetBIOS session service
 set filter dial 8 permit 0/0 0/0

As you can see, I commented out the DNS lookups part, because when I wanted to pop my ISP, the packets were BLOCKED because of the use of port 53.

My problem was to block DNS lookups from SMB packets, ports 137, 138 and 139. And these filters work for that.

Thanks a lot LIST.

-edu-

zulkarnain <zul@unsyiah.ac.id> wrote:
>
> now please send us your final configuration :)
>
> regards,
> zul
>
> On 22 Sep 2000, Eduardo Huertas wrote:
>
> > EXCELLENT!
> >
> > Everything is super OK now.
> >
> > Thanks a lot Willem and Pete.
> >
> > I am very grateful to you all :-)
> >
> > -edu-
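
Added example (not part of the original message, and not code from ppp): a simplified Python model of how the posted dial filter is evaluated, first matching rule wins, for UDP and ICMP packets only. DNS_VARIANT is a constructed rule set that assumes the commented-out port 53 rules were enabled in place of the NetBIOS ones; the function names and the packets passed to decide() are likewise assumptions made for the illustration.

```python
import re
# Dial-filter rules as posted in the message (trailing comments dropped).
POSTED = """
set filter dial 0 deny icmp
set filter dial 1 deny 0 0 tcp syn finrst
set filter dial 2 deny udp src eq 137
set filter dial 3 deny udp src eq 138
set filter dial 4 deny udp src eq 139
set filter dial 5 deny udp dst eq 137
set filter dial 6 deny udp dst eq 138
set filter dial 7 deny udp dst eq 139
set filter dial 8 permit 0/0 0/0
"""
# Constructed variant (assumption): the commented-out DNS rules enabled instead.
DNS_VARIANT = """
set filter dial 0 deny icmp
set filter dial 1 deny 0 0 tcp syn finrst
set filter dial 2 deny udp src eq 53
set filter dial 3 deny udp dst eq 53
set filter dial 4 permit 0/0 0/0
"""

def parse(text):
    """Turn 'set filter dial N action ...' lines into rule dicts, ordered by N."""
    rules = []
    for line in text.splitlines():
        m = re.match(r"\s*set filter dial (\d+) (permit|deny)\s*(.*)", line)
        if not m:
            continue
        toks = m.group(3).split()
        while toks and toks[0] in ("0", "0/0"):   # leading 0 or 0/0 = any address
            toks.pop(0)
        rule = {"n": int(m.group(1)), "action": m.group(2),
                "proto": toks[0] if toks else None, "src": None, "dst": None}
        for i, t in enumerate(toks):
            if t in ("src", "dst") and toks[i + 1] == "eq":
                rule[t] = int(toks[i + 2])
        rules.append(rule)
    return sorted(rules, key=lambda r: r["n"])

def decide(rules, proto, sport=None, dport=None):
    """First matching rule wins (UDP/ICMP only; TCP flags are not modelled)."""
    for r in rules:
        if r["proto"] not in (None, proto):
            continue
        if r["src"] not in (None, sport) or r["dst"] not in (None, dport):
            continue
        return r["action"], r["n"]
    return "deny", None   # ppp(8): a packet that matches no rule is dropped
```

With POSTED, decide(parse(POSTED), "udp", 137, 137) returns ("deny", 2), so NetBIOS name traffic does not raise the line, while a DNS query to port 53 falls through to rule 8 and is permitted. With DNS_VARIANT the same query is denied by rule 3 and the NetBIOS packet is permitted by rule 4.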