From owner-freebsd-questions Tue Jul 13 17:28:52 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from awfulhak.org (dynamic-85.max1-du-ws.dialnetwork.pavilion.co.uk [212.74.8.85])
    by hub.freebsd.org (Postfix) with ESMTP id 429F615157
    for ; Tue, 13 Jul 1999 17:28:48 -0700 (PDT)
    (envelope-from brian@Awfulhak.org)
Received: from dev.lan.awfulhak.org (dev.lan.awfulhak.org [172.16.0.5])
    by awfulhak.org (8.9.3/8.9.3) with ESMTP id BAA18603;
    Wed, 14 Jul 1999 01:00:24 +0100 (BST)
    (envelope-from brian@lan.awfulhak.org)
Received: from dev.lan.awfulhak.org (localhost [127.0.0.1])
    by dev.lan.awfulhak.org (8.9.3/8.9.3) with ESMTP id BAA78516;
    Wed, 14 Jul 1999 01:00:24 +0100 (BST)
    (envelope-from brian@dev.lan.awfulhak.org)
Message-Id: <199907140000.BAA78516@dev.lan.awfulhak.org>
X-Mailer: exmh version 2.0.2 2/24/98
To: MICHAEL_HEITMEIER@HP-Germany-om12.om.hp.com
Cc: freebsd-questions@FreeBSD.ORG, HEITMEIER_MICHAEL/HP-Germany_om12@isoit644.bbn.hp.com
Subject: Re: PPP and Filter Setup Question
In-reply-to: Your message of "Tue, 13 Jul 1999 11:11:43 +0200."
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Wed, 14 Jul 1999 01:00:23 +0100
From: Brian Somers
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Hi,

You're better off using ``dst eq 137'', and while you're there, block
138 & 139 too. This prevents connections against the eventuality that
libalias will renumber the source port...

Everything is now getting blocked because the default rule (assuming
*any* rules are specified) is to block packets that fall out the end.
You need a

    set filter dial 1 permit 0 0

to let things drop through by default.

> Hi all,
>
> to keep my NT laptop from dialing my ISP when it's connected to my home
> network I enabled TCP/IP logging in /etc/ppp/ppp.conf and duly received
> the following log entry:
>
> Jul 12 21:07:11 gimli ppp[7478]: tun0: TCP/IP: DIAL UDP: 10.0.0.4:137 ---> 15.180.3.114:137
>
> Gimli is the gateway, 10.0.0.4 is the address of the laptop in my home
> environment. I tried to find out what process still wants to access 15...
> but did not find anything, certainly nothing I can see from my network
> configuration (DNS and WINS are disabled), the only gateway is 10.0.0.1
> (gimli).
>
> Based on this I set the following entry in /etc/ppp/ppp.conf:
>
>     set filter dial 0 deny udp src eq 137
>
> At first (when the laptop adapter indicated it was accessing the network)
> it looked like success when ppp did not dial, but then I found that this
> filter apparently blocked ALL dial out traffic... :-(
>
> Jul 12 22:07:50 gimli ppp[7483]: tun0: TCP/IP: DIAL UDP: 10.0.0.4:1046 ---> 15.181.150.30:53 - BLOCKED
> Jul 12 22:09:15 gimli ppp[7483]: tun0: TCP/IP: DIAL UDP: 10.0.0.4:137 ---> 15.128.15.115:137 - BLOCKED
> Jul 12 22:34:44 gimli ppp[7483]: tun0: TCP/IP: DIAL UDP: 10.0.0.2:1029 ---> 145.253.2.11:53 - BLOCKED
>
> What am I doing wrong? There is very little information about the
> definition of 'src' in man ppp so I'm not sure if what I'm doing is even
> correct. What are the numbers behind the IP address anyway (1046,137,1029)?
>
> Thanks for any help,
>
> Michael
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
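
The filter behaviour discussed in this thread, as an added example that is not part of the original messages or of ppp itself: a simplified Python model of first-match rule evaluation with the implicit block once any rule exists, run over log lines from the post. The rule tuples, the function names, the use of UDP for ports 138 and 139, and the third sample line (a renumbered source port) are assumptions made for illustration.

```python
import re

# Rules are (action, proto, field, port); None matches anything.
# Simplified model: real ppp rules can also match addresses and TCP flags.
PERMIT_ALL = ("permit", None, None, None)          # stands in for "permit 0 0"
ORIGINAL = [("deny", "udp", "src", 137)]           # rule 0 from the question
SRC_ONLY = ORIGINAL + [PERMIT_ALL]                 # src match plus the permit rule
# Reply's suggestion; UDP for 138 and 139 is an assumption, only ports are named.
CORRECTED = [("deny", "udp", "dst", p) for p in (137, 138, 139)] + [PERMIT_ALL]

LOG_RE = re.compile(r"DIAL (\w+): [\d.]+:(\d+) ---> [\d.]+:(\d+)")

def parse(line):
    """Extract (proto, src_port, dst_port) from a ppp TCP/IP log line."""
    m = LOG_RE.search(line)
    return m.group(1).lower(), int(m.group(2)), int(m.group(3))

def decide(rules, packet):
    """First matching rule wins; once any rule exists, no match means block."""
    if not rules:
        return "permit"                            # no rules: nothing is filtered
    proto, src, dst = packet
    for action, r_proto, field, port in rules:
        if r_proto is not None and r_proto != proto:
            continue
        if field == "src" and src != port:
            continue
        if field == "dst" and dst != port:
            continue
        return action
    return "deny"                                  # fell out the end of the rules

# First two lines are from the post; the third is constructed (source port
# renumbered, the eventuality mentioned in the reply).
SAMPLES = [
    "tun0: TCP/IP: DIAL UDP: 10.0.0.4:1046 ---> 15.181.150.30:53",
    "tun0: TCP/IP: DIAL UDP: 10.0.0.4:137 ---> 15.128.15.115:137",
    "tun0: TCP/IP: DIAL UDP: 10.0.0.4:40137 ---> 15.128.15.115:137",
]

def verdicts(rules):
    """Return the permit/deny decision for each sample line, in order."""
    return [decide(rules, parse(s)) for s in SAMPLES]

if __name__ == "__main__":
    for name, rules in (("original", ORIGINAL), ("src-only", SRC_ONLY),
                        ("corrected", CORRECTED)):
        print(f"{name:10s}", verdicts(rules))
```

In this model the single-rule set blocks the DNS lookup as well, the source-port match with a trailing permit lets the renumbered NetBIOS packet through, and the destination-port rules block both NetBIOS packets while the DNS lookup is permitted.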