Date: 25 Sep 00 11:01:36 CST
From: Eduardo Huertas
To: zulkarnain
Subject: Re: ppp -auto -nat myisp
Cc: Willem Brown, pstapley, freebsd-questions@FreeBSD.org
Message-ID: <20000925170137.25167.qmail@www0r.netaddress.usa.net>

Hi Zul

The default section of /etc/ppp/ppp.conf as I have it at this moment is as
below:

default:
 set log Phase Chat LCP IPCP CCP tun command
 set log +tcp/ip
 set device /dev/cuaa0
 set speed 115200
 disable lqr
 deny lqr
 set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \"\" AT \
           OK-AT-OK ATE1Q0 OK \\dATDT\\T TIMEOUT 40 CONNECT"
 set timeout 300
 set ifaddr 205.161.189.1/0 205.161.189.2/0 255.255.255.0
 add default HISADDR
 set reconnect 3 20
 allow users eduardo
 set server +3000 diagnostico
#
# If we don't want ICMP and DNS packets to keep the connection alive:
# set filter alive 0 deny icmp
# set filter alive 1 deny udp src eq 53
# set filter alive 2 deny udp dst eq 53
# Blocking from nmbd process
 set filter alive 1 deny udp src eq 137
 set filter alive 2 deny udp src eq 138
 set filter alive 3 deny udp src eq 139
 set filter alive 4 permit 0 0
#
#
# And we don't want ICMPs to cause a dialup:
 set filter dial 0 deny icmp
# or any TCP SYN or RST packets (badly closed TCP channels):
 set filter dial 1 deny 0 0 tcp syn finrst
# DNS lookups
# set filter dial 2 deny udp src eq 53
# set filter dial 3 deny udp dst eq 53
# DNS lookups from Windows machines
 set filter dial 2 deny udp src eq 137 # NetBIOS name service
 set filter dial 3 deny udp src eq 138 # NetBIOS datagram service
 set filter dial 4 deny udp src eq 139 # NetBIOS session service
 set filter dial 5 deny udp dst eq 137 # NetBIOS name service
 set filter dial 6 deny udp dst eq 138 # NetBIOS datagram service
 set filter dial 7 deny udp dst eq 139 # NetBIOS session service
 set filter dial 8 permit 0/0 0/0

As you can see, I commented out the DNS lookups part, because when I wanted to
pop my ISP, the packets were BLOCKED because of the use of port 53.

My problem was to block DNS lookups from SMB packets, ports 137, 138 and 139.
And these filters work for that.

Thanks a lot LIST.

-edu-

zulkarnain wrote:
>
> now please send us your final configuration :)
>
> regards,
> zul
>
> On 22 Sep 2000, Eduardo Huertas wrote:
>
> > EXCELLENT!
> >
> > Everything is super OK now.
> >
> > Thanks a lot Willem and Pete.
> >
> > I thank you all very much :-)
> >
> > -edu-
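
The following is an added example, not part of the original message: a simplified Python model of the `set filter dial` rules posted above, showing which constructed packets would bring the link up and what changes when a port-53 rule is active. It assumes rules are tried in rule-number order, the first match decides, and an unmatched packet does not dial; `would_dial`, `DIAL_DNS_DENIED` and the sample packets are made up for illustration.

```python
import re

# Dial rules as posted in the message (trailing comments dropped).
DIAL = """
 set filter dial 0 deny icmp
 set filter dial 1 deny 0 0 tcp syn finrst
 # set filter dial 2 deny udp src eq 53
 # set filter dial 3 deny udp dst eq 53
 set filter dial 2 deny udp src eq 137
 set filter dial 3 deny udp src eq 138
 set filter dial 4 deny udp src eq 139
 set filter dial 5 deny udp dst eq 137
 set filter dial 6 deny udp dst eq 138
 set filter dial 7 deny udp dst eq 139
 set filter dial 8 permit 0/0 0/0
"""
# Constructed variant with a port-53 rule active (not from the message).
DIAL_DNS_DENIED = """
 set filter dial 0 deny 0 0 tcp syn finrst
 set filter dial 1 deny udp dst eq 53
 set filter dial 2 permit 0/0 0/0
"""
RULE = re.compile(r"set filter dial (\d+) (permit|deny) (.+)")

def parse(conf):
    """Active rules sorted by rule number; lines starting with '#' are skipped."""
    found = (RULE.match(line.strip()) for line in conf.splitlines())
    return sorted((int(m[1]), m[2], m[3].split()) for m in found if m)

def matches(spec, pkt):
    while spec[:1] in (["0"], ["0/0"]):          # leading 0 or 0/0: any address
        spec = spec[1:]
    if not spec or spec[0] != pkt["proto"]:
        return not spec                          # empty spec matches everything
    rest = spec[1:]
    if rest[:1] in (["src"], ["dst"]):           # e.g. "src eq 137"
        return pkt.get(rest[0]) == int(rest[2])
    return not rest or bool(set(rest) & pkt.get("flags", set()))  # syn / finrst

def would_dial(conf, pkt):
    """Assumed model: first matching rule decides; no match means no dial."""
    for _, action, spec in parse(conf):
        if matches(spec, pkt):
            return action == "permit"
    return False

DNS_QUERY = {"proto": "udp", "src": 1024, "dst": 53}       # constructed packets
POP3_SYN = {"proto": "tcp", "src": 1025, "dst": 110, "flags": {"syn"}}
NMBD_BCAST = {"proto": "udp", "src": 137, "dst": 137}
```

Under this model the DNS query is the only one of the three sample packets that dials with the posted rules, and none of them dials once a port-53 deny is active.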