Date: 25 Sep 00 11:01:36 CST
From: Eduardo Huertas <eduhuertas@usa.net>
To: zulkarnain <zul@unsyiah.ac.id>
Cc: Willem Brown <willem@brwn.org>, pstapley <pstapley@rapidnet.com>, freebsd-questions@FreeBSD.org
Subject: Re: ppp -auto -nat myisp
Message-ID: <20000925170137.25167.qmail@www0r.netaddress.usa.net>

Hi Zul
The default section of /etc/ppp/ppp.conf as I have it at this moment is as
below:
default:
 set log Phase Chat LCP IPCP CCP tun command
 set log +tcp/ip
 set device /dev/cuaa0
 set speed 115200
 disable lqr
 deny lqr
 set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \"\" AT \
           OK-AT-OK ATE1Q0 OK \\dATDT\\T TIMEOUT 40 CONNECT"
 set timeout 300
 set ifaddr 205.161.189.1/0 205.161.189.2/0 255.255.255.0
 add default HISADDR
 set reconnect 3 20
 allow users eduardo
 set server +3000 diagnostico
#
# If we don't want ICMP and DNS packets to keep the connection alive:
#
 set filter alive 0 deny icmp
# set filter alive 1 deny udp src eq 53
# set filter alive 2 deny udp dst eq 53
# Blocking from nmbd process
 set filter alive 1 deny udp src eq 137
 set filter alive 2 deny udp src eq 138
 set filter alive 3 deny udp src eq 139
 set filter alive 4 permit 0 0
#
#
# And we don't want ICMPs to cause a dialup:
 set filter dial 0 deny icmp
# or any TCP SYN or RST packets (badly closed TCP channels):
 set filter dial 1 deny 0 0 tcp syn finrst
# DNS lookups
# set filter dial 2 deny udp src eq 53
# set filter dial 3 deny udp dst eq 53
# DNS lookups from Windows machines
 set filter dial 2 deny udp src eq 137 # NetBIOS name service
 set filter dial 3 deny udp src eq 138 # NetBIOS datagram service
 set filter dial 4 deny udp src eq 139 # NetBIOS session service
 set filter dial 5 deny udp dst eq 137 # NetBIOS name service
 set filter dial 6 deny udp dst eq 138 # NetBIOS datagram service
 set filter dial 7 deny udp dst eq 139 # NetBIOS session service
 set filter dial 8 permit 0/0 0/0

As you can see, I commented out the DNS lookups part, because when I wanted to pop
my ISP, the packets were BLOCKED because of the use of port 53.
My problem was to block DNS lookups from SMB packets, ports 137, 138 and 139.
And these filters work for that.
Thanks a lot LIST.
-edu-
zulkarnain <zul@unsyiah.ac.id> wrote:
>
> now please send us your final configuration :)
>
> regards,
> zul
>
> On 22 Sep 2000, Eduardo Huertas wrote:
>
> > EXCELLENT!
> >
> > Everything is super OK now.
> >
> > Thanks a lot Willem and Pete.
> >
> > I thank you all very much :-)
> >
> > -edu-
>
>
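
The alive filter from the message above, run through a simplified first-match model of ppp(8) filter evaluation. This is an added example, not part of the original e-mail or of ppp itself; the `parse` and `verdict` helpers and the sample packets are constructed, and only the rule forms used in that filter set are modelled.

```python
import re

# Alive filter rules copied from the message, including the commented-out DNS rules.
ALIVE_RULES = """\
set filter alive 0 deny icmp
# set filter alive 1 deny udp src eq 53
# set filter alive 2 deny udp dst eq 53
set filter alive 1 deny udp src eq 137
set filter alive 2 deny udp src eq 138
set filter alive 3 deny udp src eq 139
set filter alive 4 permit 0 0
"""

# Assumption: covers only "action [0 0] [proto [src|dst eq port]]".
RULE = re.compile(
    r"set filter (?P<name>\w+) (?P<num>\d+) (?P<action>permit|deny)"
    r"(?: 0(?:/0)? 0(?:/0)?)?"
    r"(?: (?P<proto>icmp|udp|tcp)(?: (?P<side>src|dst) eq (?P<port>\d+))?)?$"
)

def parse(text, name):
    """Return the rules of filter set `name`, ordered by rule number."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # '#' starts a comment
        if not line:
            continue
        m = RULE.match(line)
        if m is None:
            raise ValueError(f"unsupported rule: {line}")
        if m["name"] == name:
            port = int(m["port"]) if m["port"] else None
            rules.append((int(m["num"]), m["action"], m["proto"], m["side"], port))
    return sorted(rules, key=lambda r: r[0])

def verdict(rules, proto, sport=None, dport=None):
    """First matching rule decides; a non-empty set with no match blocks."""
    if not rules:
        return "permit"  # an undefined filter set permits everything
    for _num, action, r_proto, side, port in rules:
        if r_proto and r_proto != proto:
            continue
        if side == "src" and sport != port:
            continue
        if side == "dst" and dport != port:
            continue
        return action
    return "deny"
```

With the DNS rules commented out, a UDP packet to port 53 falls through to rule 4 and counts as traffic that keeps the link alive, while ICMP and UDP from source ports 137 to 139 do not.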
