Re: Radius and Portmaster filters; Need Help

Stephen Zedalis (tintype@zedalis.com)
Sat, 30 Nov 1996 07:43:48 -0500 (EST)

Well, you named your filter on the portmaster all wrong. What is
signup.ft? It's either signup.in or signup.out. If you want to restrict
packets going out to him, use signup.out; if you want to restrict packets
into your portmaster, use signup.in. You also need more than this one
rule. How are any DNS packets going to get through for nameserver
lookups? And how about ICMP? Is there the possibility of pinging the
host etc.? Do any of your web pages generate SMTP (mail)? I am assuming
that you want to filter a user out so that all he can do is go to your
web page to find out why he was disconnected or some such thing? You
will have to enable DNS (udp port 53) so that his browser can find your
host by name. We do this all the time, except we have email-only filters
so that email-only accounts can log on with PPP and send (SMTP) and pop (POP3)
mail and that is it.

On Sat, 30 Nov 1996, BadgerNet wrote:

> I need some help on packet filters. I want to restrict a single dialup
> user on my portmaster to http only on my local network. I'm using Radius,
> for authentication, and a PM2e Portmaster with OS v3.1.4. Following are
> the files involved, but this setup doesn't seem to work. I can dial in as
> the user and use all available protocols on the system, to anywhere in the
> world. Can anyone provide me with a solution?
>
> FROM /etc/raddb/users
>
> guest Password = "guest", Client-Id = portmaster
> Framed-Address = 255.255.255.254,
> Framed-Netmask = 255.255.255.0,
> Framed-Routing = None,
> Framed-Filter-Id = "signup",
> Framed-Compression = Van-Jacobsen-TCP-IP,
> Framed-MTU = 1500
>
> FROM Portmaster
>
> pm1> sho filter signup.ft
                  ^^^^^^^^^

>
> 1 permit 0.0.0.0/0 207.113.50.5/32 tcp dst eq 80
>
>
> pm1> sho s0
> ----------------------- Current Status - Port S0 ---------------------------
> Status: ESTABLISHED
> Input: 1385397 Parity Errors: 0
> Output: 17933505 Framing Errors: 6
> Pending: 0 Overrun Errors: 0
>
> Active Configuration Default Configuration
> -------------------- ---------------------
> Port Type: Netwrk Login/Netwrk (Dial In) (Security)
> Baud Rates: 115200 115200,115200,115200
> Flow Control: RTS/CTS No Xon/Xoff*,RTS/CTS
> Modem Control: on on (No Hangup)
> Modem Status: Configured mt1
>
> Remote Host: 207.113.50.107
> Netmask: 255.255.255.0 0.0.0.0
> Interface: ptp0 (PPP,Quiet,Compres (SLIP,Quiet)
> Mtu: 1500 1500
> Async Map: L:00000000 R:000a0000 00000000
> Pkt Filters: In:signup.in Out:signup.out
> Dial Group: 0
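
The two points in the reply above (a Framed-Filter-Id of "signup" selects signup.in and signup.out, and an HTTP-only rule leaves no path for DNS lookups) can be checked with a small model. This is an added example, not part of the thread and not Livingston code. It assumes first-match evaluation with an implicit deny when no rule matches, a DNS rule written in the same shape as the poster's rule, and a constructed nameserver address.

```python
import ipaddress

def filter_names(filter_id):
    """Framed-Filter-Id "signup" selects signup.in and signup.out on the PortMaster."""
    return f"{filter_id}.in", f"{filter_id}.out"

def parse_rule(text):
    """Parse a rule shaped like the one in the post:
    'permit SRC/len DST/len PROTO [src|dst eq PORT]'."""
    tok = text.split()
    if len(tok) not in (4, 7) or tok[0] not in ("permit", "deny"):
        raise ValueError(f"unsupported rule: {text!r}")
    rule = {"action": tok[0], "src": ipaddress.ip_network(tok[1]),
            "dst": ipaddress.ip_network(tok[2]), "proto": tok[3],
            "side": None, "port": None}
    if len(tok) == 7:
        if tok[4] not in ("src", "dst") or tok[5] != "eq":
            raise ValueError(f"unsupported port match: {text!r}")
        rule["side"], rule["port"] = tok[4], int(tok[6])
    return rule

def evaluate(rules, pkt):
    """First matching rule decides; no match means deny (assumed implicit deny)."""
    for text in rules:
        r = parse_rule(text)
        if (pkt["proto"] == r["proto"]
                and ipaddress.ip_address(pkt["src"]) in r["src"]
                and ipaddress.ip_address(pkt["dst"]) in r["dst"]
                and (r["side"] is None or pkt[r["side"] + "_port"] == r["port"])):
            return r["action"]
    return "deny"

USER, WEB = "207.113.50.107", "207.113.50.5"   # addresses from the post
DNS = "192.0.2.53"                              # constructed nameserver address

HTTP_ONLY = ["permit 0.0.0.0/0 207.113.50.5/32 tcp dst eq 80"]       # poster's rule
WITH_DNS = HTTP_ONLY + ["permit 0.0.0.0/0 0.0.0.0/0 udp dst eq 53"]  # added DNS rule

def pkt(proto, dst, dst_port):
    """Constructed packet sent by the dial-up user (checked by the .in filter)."""
    return {"proto": proto, "src": USER, "dst": dst, "src_port": 1025, "dst_port": dst_port}

if __name__ == "__main__":
    print(filter_names("signup"))
    for name, rules in (("HTTP only", HTTP_ONLY), ("HTTP + DNS", WITH_DNS)):
        for p in (pkt("tcp", WEB, 80), pkt("udp", DNS, 53), pkt("tcp", WEB, 25)):
            print(name, p["proto"], p["dst"], p["dst_port"], evaluate(rules, p))
```
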