(PM) A problem with filters

Sine Wave Surfmaster (Surfmaster@Lagom.SineWave.com)
Mon, 23 Feb 1998 17:29:06 -0800

I have a customer with a Windows network with most machines using internal
addresses in the 192.168.120.X range and he has a new PM-2 configured in the
range I have allocated him, 207.215.203.192/26. He wants his machines to dial
on demand and only allow a machine in the 207.XXX range to initiate the
connection. Straightforward huh...

I've tried every variation I can think of but here's the basic filter:

1 deny 0.0.0.0/0 0.0.0.0/0 udp src eq 137
2 deny 0.0.0.0/0 0.0.0.0/0 udp src eq 138 (these two rules due to windows)
3 permit 207.215.203.192/26 0.0.0.0/0

We put this filter on the input of the ethernet and it should (to my simpleton
way of thinking) only pass the address range we want into the box.

However, a packet trace shows the following merrily passing through the filter:

UDP from 192.168.120.70.137 to 192.168.120.255.137
UDP from 192.168.120.70.137 to 192.168.120.255.137
UDP from 192.168.120.68.137 to 255.255.255.255.138
UDP from 192.168.120.70.138 to 192.168.120.255.138

From the .255 address in the destination I have to wonder if the PM-2 just
doesn't filter broadcast messages??? Am I missing something?

Thanks in advance,

Oscar Erickson

-- 
Sine Wave Solutions, LLC - The ultimate internet solution.
Phone (510) 970-7448,  FAX (510) 970-6080
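
As an added example (not part of the original post and not Livingston code), the sketch below replays the four trace lines from the post through the three posted rules. It assumes an evaluation model in which rules are checked in order, the first match decides, and a packet matching no rule is denied; the function names are hypothetical.

```python
import ipaddress
import re

# The three rules from the post: (action, src net, dst net, proto, src port).
RULES = [
    ("deny",   "0.0.0.0/0",          "0.0.0.0/0", "udp", 137),
    ("deny",   "0.0.0.0/0",          "0.0.0.0/0", "udp", 138),
    ("permit", "207.215.203.192/26", "0.0.0.0/0", None,  None),
]

# The four trace lines from the post, copied verbatim.
TRACE = """\
UDP from 192.168.120.70.137 to 192.168.120.255.137
UDP from 192.168.120.70.137 to 192.168.120.255.137
UDP from 192.168.120.68.137 to 255.255.255.255.138
UDP from 192.168.120.70.138 to 192.168.120.255.138
"""

# The trace prints address and port joined by a dot: a.b.c.d.port
LINE = re.compile(r"(\w+) from (\S+)\.(\d+) to (\S+)\.(\d+)$")

def parse(line):
    """Split one trace line into (proto, src, sport, dst, dport)."""
    proto, src, sport, dst, dport = LINE.match(line.strip()).groups()
    return proto.lower(), src, int(sport), dst, int(dport)

def evaluate(proto, src, sport, dst, dport):
    """Return (action, rule number); rule 0 is the assumed implicit deny."""
    for number, (action, snet, dnet, rproto, rsport) in enumerate(RULES, 1):
        if ipaddress.ip_address(src) not in ipaddress.ip_network(snet):
            continue
        if ipaddress.ip_address(dst) not in ipaddress.ip_network(dnet):
            continue
        if rproto is not None and rproto != proto:
            continue
        if rsport is not None and rsport != sport:
            continue
        return action, number  # first matching rule decides
    return "deny", 0  # assumption: a packet matching no rule is dropped

def verdicts(trace=TRACE):
    """Evaluate every non-empty trace line against RULES."""
    return [evaluate(*parse(l)) for l in trace.splitlines() if l.strip()]

if __name__ == "__main__":
    for line, (action, number) in zip(TRACE.splitlines(), verdicts()):
        print(f"{action:6} rule {number}  {line}")
```

Under that model all four traced packets hit rule 1 or rule 2, so they would be denied wherever the filter is actually applied to them.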