Re: (PM) Filter not working on pm2e30

Scott Carpenter (scarpenter@assuredaccess.com)
Mon, 12 Jan 1998 11:02:42 -0800

At 07:07 PM 1/10/98 -500, Jim wrote:
>Using suggestions from this list, I have created a filter to allow
>mail only users ( they can also visit our site). Well... I thought
>that I had.
>
>It doesn't work. I call into the pm and authenticate as this user. I
>open a browser and go anywhere I want to :(
>
>Below are: the radius users entry, the filter as it is on the pm and
>port stats for this user's connection.
>
>Can anyone see what I am doing wrong?
>
>Jim
>
>test Password = "test"
> Service-Type = Framed-User,
> Framed-Protocol = PPP,
> Session-Timeout = 3600,
> Framed-IP-Address = 255.255.255.254,
> Framed-Routing = None,
> Filter-Id = "mailonly",
> Framed-MTU = 1500,
> Framed-Compression = Van-Jacobson-TCP-IP
>
The filter on the portmaster needs to be named mailonly.in (the filter looks
to be an input filter). When you give the filter the .in suffix, it will
only be applied as an input filter.

>pm1> sh fil mailonly
> 1 permit 0.0.0.0/0 206.244.181.226/32 tcp dst eq 80
> 2 permit 0.0.0.0/0 206.244.181.226/32 tcp dst eq 25
> 3 permit 0.0.0.0/0 206.244.181.226/32 tcp dst eq 110
> 4 permit 0.0.0.0/0 0.0.0.0/0 icmp
> 5 deny 0.0.0.0/0 0.0.0.0/0 tcp dst eq 80
> 6 deny 0.0.0.0/0 0.0.0.0/0 tcp dst eq 20
> 7 deny 0.0.0.0/0 0.0.0.0/0 tcp dst eq 21
> 8 deny 0.0.0.0/0 0.0.0.0/0 tcp dst eq 109
> 9 deny 0.0.0.0/0 0.0.0.0/0 tcp dst eq 119
>10 permit 0.0.0.0/0 0.0.0.0/0 ip
>pm1>
>
>pm1> sh s29
>----------------------- Current Status - Port S29 ---------------------------
> Status: ESTABLISHED
> Input: 12070124 Parity Errors: 0
> Output: 44242876 Framing Errors: 5
> Pending: 0 Overrun Errors: 0
> Modem Status: DCD+ CTS+
>
> Active Configuration Default Configuration
> -------------------- ---------------------
> Port Type: Netwrk Netwrk (Dial In) (Security)
> Baud Rates: 115200 115200,115200,115200
> Flow Control: RTS/CTS RTS/CTS
> Modem Control: on on
> Modem Config: Configured usr-v34
>
> Remote Host: dial199.interaxs.net
> Netmask: 255.255.255.255 0.0.0.0
> Interface: ptp29 (PPP,Quiet,VJ-Comp)
> Mtu: 1500 1500
> Pkt Filters: In:mailonly.in Out:mailonly.out

The portmaster does not know how to apply the filter, so it applies a .in
and a .out; these two filters do not exist. On a portmaster, when a filter is
applied that does not exist, everything is permitted.

> Async Map: L:00000000 R:00000000 00000000
> Dial Group: 0
>pm1>
>
>Jim
>hostmaster@interaxs.net
>---------------------------
>InterNet Access Network
>18 1/2 McDaniel Street
>Dayton, OH 45405-4816
>email: support@interaxs.net
>Voice: (937) 461-3660
>Fax: (937) 228-2773
>http://www.interaxs.net
>---------------------------
>-
>To unsubscribe, email 'majordomo@livingston.com' with
>'unsubscribe portmaster-users' in the body of the message.
>
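
A check for the failure described in this thread, as an added example that is not part of the original message or of Livingston's software: it reads Filter-Id values from a RADIUS users file and reports every name.in / name.out filter that is not defined on the PortMaster. The users text, the "staff" entry, the filter list and the function names are constructed for illustration; the .in/.out expansion follows the "Pkt Filters" line in the port status above.

```python
import re

# Constructed sample data modeled on the thread: a RADIUS users file and the
# filter names defined on the PortMaster (as an operator would list them).
USERS = '''\
test Password = "test"
    Service-Type = Framed-User,
    Framed-Protocol = PPP,
    Filter-Id = "mailonly",
    Framed-MTU = 1500

staff Password = "example"
    Service-Type = Framed-User,
    Filter-Id = "std"
'''
DEFINED_FILTERS = {"mailonly", "std.in", "std.out"}

FILTER_ID = re.compile(r'Filter-Id\s*=\s*"?([^",\s]+)"?')

def filter_ids(users_text):
    """Map each user to its Filter-Id values. An entry starts on an
    unindented line; indented lines are its reply attributes."""
    result, user = {}, None
    for line in users_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():
            user = line.split()[0]
            result[user] = []
        if user is not None:
            result[user].extend(FILTER_ID.findall(line))
    return result

def audit(users_text, defined):
    """Return (user, filter_id, missing_name) for every direction whose
    filter is not defined, i.e. where all traffic would be permitted."""
    findings = []
    for user, ids in filter_ids(users_text).items():
        for fid in ids:
            for suffix in (".in", ".out"):
                if fid + suffix not in defined:
                    findings.append((user, fid, fid + suffix))
    return findings

if __name__ == "__main__":
    for user, fid, missing in audit(USERS, DEFINED_FILTERS):
        print(f"{user}: Filter-Id {fid!r} -> {missing} not defined, unfiltered")
```

With the sample data, the "test" user is flagged for both mailonly.in and mailonly.out, because only a filter named plain "mailonly" exists.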