Date: Sun, 19 Apr 1998 13:59:52 -0300
From: Capriotti <capriotti@geocities.com>
To: freebsd-questions@FreeBSD.ORG
Subject: HELP with PPP and filetring, please !
Message-ID: <3.0.32.19980419135439.00a4c890@pop.mpc.com.br>
Sorry to ask you, but the archives are not working.

I just can't make ppp and filtering work nice.

When starting PPP with -auto, I get the following msg: it's strange, since all the filtering is commented!

# ppp -alias -auto mp
User Process PPP. Written by Toshiharu OHNO.
Using interface: tun0
Automatic Dialer mode
Must specify dstaddr with auto, background or ddial mode.
bash-2.01#

My ppp.conf is as follows:

default:
 set device /dev/cuaa1
 set speed 115200
 disable pred1
 deny pred1
 disable lqr
 deny lqr
 set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \"\" ATE1Q0M0L0 OK-AT-OK \\dATDP\\T TIMEOUT 40 CONNECT"
 set redial 5 10
 set log Phase Chat Connect Carrier hdlc LCP IPCP CCp tun
#################
#
#################
mp:
#### Set FILTERing
# Don't keep Alive with ICMP,DNS and RIP packets
#
# set afilter 0 deny icmp
# set afilter 1 deny udp src eq 53
# set afilter 2 deny udp dst eq 53
# set afilter 3 deny udp src eq 520
# set afilter 4 deny udp dst eq 520
# set afilter 5 permit 0/0 0/0
#
# Don't let ICMP packets cause us to dial
#
# set dfilter 0 deny icmp
# set dfilter 1 permit 0/0 0/0
#
#
# Allow ident packets to pass through
#
# set ifilter 0 permit tcp dst eq 113
# set ofilter 0 permit tcp src eq 113
#
# DO NOT Allow telnet connections to the Internet
#
# set ifilter 1 deny tcp src eq 23 estab
# set ofilter 1 deny tcp dst eq 23
#
# Allow ftp access to the Internet
#
# set ifilter 2 permit tcp src eq 21 estab
# set ofilter 2 permit tcp dst eq 21
# set ifilter 3 permit tcp src eq 20 dst gt 1023
# set ofilter 3 permit tcp dst eq 20
#
# Allow access to any DNS
#
# set ifilter 4 permit udp src eq 53
# set ofilter 4 permit udp dst eq 53
#
# DO NOT Allow access from/to my company network
#
# set ifilter 5 deny 192.244.191.0/24 0/0
# set ofilter 5 deny 0/0 192.244.191.0/24
#
# Allow ping and traceroute response
#
# set ifilter 6 permit icmp
# set ofilter 6 permit icmp
# set ifilter 7 permit udp dst gt 33433
# set ofilter 7 permit udp dst gt 33433
#
# Deny dialing for some stupid reasons like DNS LOOKUP, according to
# http://www.FreeBSD.org/FAQ/FAQ142.html#142
#
# set dfilter 2 deny udp src eq 53
# set dfilter 3 deny udp dst eq 53
# set dfilter 4 permit 0/0 0/0
#
# Set log on for traffic. I just don't know where should I find the log file.
#
# set log +tcp/ip
#
#### End set filtering
 set phone 2541855
 set login "TIMEOUT 15 blablabla"
 set authname loginname
 set authkey passwd
 set timeout 600
 set openmode active
 set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.0
 delete ALL
 add 0 0 HISADDR
#
####

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message