Today I've discovered that dial rules are not always executed correctly. In
the example above, the request from 212.42.69.214 should not be blocked
because 212.42.69.214 is in fact MYADDR! I'm using ppp from -current,
cvsup'ed and built today (-auto -alias). And what is really strange is that
this is not always the case (in most cases it is not blocking these packets
and dials just fine).

Following is the log:

TCP/IP: DIAL UDP: 192.168.1.1:2191 ---> 193.193.193.100:53 - BLOCKED
TCP/IP: DIAL UDP: 192.168.1.1:2191 ---> 193.193.193.100:53 - BLOCKED
TCP/IP: DIAL UDP: 212.42.69.214:3604 ---> 212.42.68.2:53 - BLOCKED
ppp ON vega> q
Connection closed
sh-2.03# ifconfig -a
ed1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.168.1.50 netmask 0xffffff00 broadcast 192.168.1.255
        ether 00:40:05:3b:1c:23
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
        inet 212.42.69.214 --> 212.42.68.4 netmask 0xffffffff
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet 127.0.0.1 netmask 0xff000000

Relevant pieces from ppp.conf:

disable sroutes
 set filter dial 0  deny   0/0            0/0 tcp syn
 set filter dial 1  deny   0/0            0/0 tcp finrst
 set filter dial 2  permit MYADDR         0/0 udp dst eq 3130
 set filter dial 3  permit MYADDR         0/0 udp dst eq 53
 set filter dial 4  permit MYADDR         0/0 tcp dst eq 25
 set filter dial 5  permit 0/0            0/0 udp dst eq 2074


Sincerely,

Maxim
--
"We believe in the Power and the Might!"
                        (Manowar, 1996)
----------------------------------------
Maxim V. Sobolev, Financial Analyst,
Vega International Capital
Phone: +380-(44)-246-6396
Fax: +380-(44)-220-8715
E-mail: [EMAIL PROTECTED]
ICQ: #42290709
----------------------------------------
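
The expectation stated in the message can be checked mechanically. The following is an added example, not part of the original post and not ppp's own code: it replays the three logged packets against the quoted dial filter. It assumes first-match-wins evaluation with a default block when no rule matches, that MYADDR is the tun0 local address from the ifconfig output, and that finrst means FIN or RST set; `evaluate` and `audit` are hypothetical names.

```python
import re

MYADDR = "212.42.69.214"  # assumption: tun0 local address from the ifconfig output

# (action, src, dst, proto, (match kind, value)), transcribed from the ppp.conf excerpt
DIAL_RULES = [
    ("deny",   "0/0",    "0/0", "tcp", ("flags", {"syn"})),
    ("deny",   "0/0",    "0/0", "tcp", ("flags", {"fin", "rst"})),  # finrst
    ("permit", "MYADDR", "0/0", "udp", ("dst", 3130)),
    ("permit", "MYADDR", "0/0", "udp", ("dst", 53)),
    ("permit", "MYADDR", "0/0", "tcp", ("dst", 25)),
    ("permit", "0/0",    "0/0", "udp", ("dst", 2074)),
]

# The three log lines from the message.
LOG = """\
TCP/IP: DIAL UDP: 192.168.1.1:2191 ---> 193.193.193.100:53 - BLOCKED
TCP/IP: DIAL UDP: 192.168.1.1:2191 ---> 193.193.193.100:53 - BLOCKED
TCP/IP: DIAL UDP: 212.42.69.214:3604 ---> 212.42.68.2:53 - BLOCKED
"""

LINE_RE = re.compile(r"DIAL (\w+): ([\d.]+):\d+ ---> ([\d.]+):(\d+) - (\w+)")

def addr_matches(spec, addr):
    # Only the two address forms used in the excerpt are modelled.
    return spec == "0/0" or (spec == "MYADDR" and addr == MYADDR)

def evaluate(proto, src, dst, dport, flags=()):
    """Return (rule number, action); first match wins, no match means deny."""
    for n, (action, rsrc, rdst, rproto, (kind, value)) in enumerate(DIAL_RULES):
        if rproto != proto or not (addr_matches(rsrc, src) and addr_matches(rdst, dst)):
            continue
        if kind == "dst" and value != dport:
            continue
        if kind == "flags" and not (value & set(flags)):
            continue
        return n, action
    return None, "deny"

def audit(log_text):
    """For each logged packet: (src, matching rule, expected action, log agrees?)."""
    results = []
    for proto, src, dst, dport, logged in LINE_RE.findall(log_text):
        rule, action = evaluate(proto.lower(), src, dst, int(dport))
        results.append((src, rule, action, (action == "deny") == (logged == "BLOCKED")))
    return results

if __name__ == "__main__":
    for row in audit(LOG):
        print(row)
```

Under these assumptions the two packets from 192.168.1.1 match no rule and are blocked as logged, while the packet from 212.42.69.214 matches rule 3 and the logged BLOCKED disagrees with the filter.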



