Date: Sat, 17 Jun 2000 22:57:38 -0500 From: Glenn Johnson <glennpj@bayouhome.net> To: "Dan O'Connor" <dan@mostgraveconcern.com> Cc: Glenn Johnson <glennpj@bayouhome.net>, questions@FreeBSD.ORG Subject: Re: ppp filter to allow fetch traffic Message-ID: <20000617225738.A1507@gforce.johnson.home> In-Reply-To: <085801bfd750$5d5a0780$0200000a@danco>; from dan@mostgraveconcern.com on Thu, Jun 15, 2000 at 10:04:34PM -0700 References: <085801bfd750$5d5a0780$0200000a@danco>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Jun 15, 2000 at 10:04:34PM -0700, Dan O'Connor wrote: > >I have been setting up filters in ppp to only allow certain > >traffic. I would like to allow fetch traffic so I can build > >ports. Without any filters, fetch works fine, but when I add filters > >it does not. I have filters to allow FTP traffic and that works fine > >but not fetch. > > > >What are the filter entries necessary to allow fetch traffic out the > >ppp link? > > > I never had any problems with 'fetch' using the following filters: > > set filter in 1 permit tcp src eq 20 dst gt 1023 > set filter out 1 permit tcp dst eq 20 > set filter in 2 permit tcp src eq 21 estab > set filter out 2 permit tcp dst eq 21 I have those filters in ppp.conf. If the URL is of the form http://some.server.com/somefile, then fetch works; if the URL is of the form ftp://some.server.com/somefile, then fetch does not work. If I remove all of the filters below then fetch ftp works. This makes no sense to me because the ftp program itself works fine when the filters below are present. set filter in 0 permit udp src eq 53 set filter in 1 permit udp src eq 123 set filter in 2 permit tcp src eq 5999 estab set filter in 3 permit tcp src eq 22 estab set filter in 4 permit tcp src eq 110 estab set filter in 5 permit tcp src eq 25 estab set filter in 6 permit tcp src eq 21 estab set filter in 7 permit tcp src eq 20 dst gt 1023 set filter in 8 permit tcp src eq 80 set filter in 9 permit tcp dst eq 3128 set filter out 0 permit udp dst eq 53 set filter out 1 permit udp dst eq 123 set filter out 2 permit tcp dst eq 5999 set filter out 3 permit tcp dst eq 22 set filter out 4 permit tcp dst eq 80 set filter out 5 permit tcp dst eq 110 set filter out 6 permit tcp dst eq 25 set filter out 7 permit tcp dst eq 21 set filter out 8 permit tcp dst eq 20 set filter out 9 permit tcp src eq 3128 -- Glenn Johnson glennpj@bayouhome.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000617225738.A1507>