Re: (PM) A problem with filters

Krzysztof Adamski (kadamski@netsurf.net)
Mon, 23 Feb 1998 20:45:54 -0500 (EST)

Hi, unless I'm wrong, packet trace is placed before any filter. To see
what a filter stops, add the "log" keyword and look in the syslog.

K

On Mon, 23 Feb 1998, Sine Wave Surfmaster wrote:

>
> I have a customer with a Windows network with most machines using internal
> addresses in the 192.168.120.X range and he has a new PM-2 configured in the
> range I have allocated him, 207.215.203.192/26. He wants his machines to dial
> on demand and only allow a machine in the 207.XXX range to initiate the
> connection. Straightforward huh...
>
> I've tried every variation I can think of but here's the basic filter:
>
> 1 deny 0.0.0.0/0 0.0.0.0/0 udp src eq 137
> 2 deny 0.0.0.0/0 0.0.0.0/0 udp src eq 138 (these two rules due to windows)
> 3 permit 207.215.203.192/26 0.0.0.0/0
>
> We put this filter on the input of the ethernet and it should (to my simpleton
> way of thinking) only pass the address range we want into the box.
>
> However, a packet trace shows the following merrily passing through the filter:
>
> UDP from 192.168.120.70.137 to 192.168.120.255.137
> UDP from 192.168.120.70.137 to 192.168.120.255.137
> UDP from 192.168.120.68.137 to 255.255.255.255.138
> UDP from 192.168.120.70.138 to 192.168.120.255.138
>
>
> From the .255 address in the destination I have to wonder if the PM-2 just
> doesn't filter broadcast messages??? Am I missing something?
>
> Thanks in advance,
>
> Oscar Erickson
>
> --
> Sine Wave Solutions, LLC - The ultimate internet solution.
> Phone (510) 970-7448, FAX (510) 970-6080
> -
> To unsubscribe, email 'majordomo@livingston.com' with
> 'unsubscribe portmaster-users' in the body of the message.
> Searchable list archive: <URL:http://www.livingston.com/Tech/archive/>
>
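An added example, not part of the original thread and not Livingston's code: a small first-match evaluator run over the quoted rules and the quoted trace lines. It shows that every traced packet would already match deny rule 1 or 2, which is consistent with the trace being taken ahead of the filter. First-match ordering and a final implicit deny (reported here as rule 0) are assumptions about the filter semantics.

```python
import ipaddress

# Rules transcribed from the quoted filter:
# (action, source network, destination network, protocol, source port)
RULES = [
    ("deny",   "0.0.0.0/0",          "0.0.0.0/0", "udp", 137),
    ("deny",   "0.0.0.0/0",          "0.0.0.0/0", "udp", 138),
    ("permit", "207.215.203.192/26", "0.0.0.0/0", None,  None),
]

# Trace lines copied from the quoted message.
TRACE = [
    "UDP from 192.168.120.70.137 to 192.168.120.255.137",
    "UDP from 192.168.120.70.137 to 192.168.120.255.137",
    "UDP from 192.168.120.68.137 to 255.255.255.255.138",
    "UDP from 192.168.120.70.138 to 192.168.120.255.138",
]

def parse_trace(line):
    """Split 'UDP from a.b.c.d.port to a.b.c.d.port' into its fields."""
    proto, _, src, _, dst = line.split()
    src_ip, src_port = src.rsplit(".", 1)
    dst_ip, dst_port = dst.rsplit(".", 1)
    return proto.lower(), src_ip, int(src_port), dst_ip, int(dst_port)

def evaluate(line, rules=RULES):
    """Return (action, rule number); rule 0 is the assumed implicit deny."""
    proto, src_ip, src_port, dst_ip, _ = parse_trace(line)
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    for number, (action, src_net, dst_net, r_proto, r_sport) in enumerate(rules, 1):
        if src not in ipaddress.ip_network(src_net):
            continue
        if dst not in ipaddress.ip_network(dst_net):
            continue
        if r_proto is not None and r_proto != proto:
            continue
        if r_sport is not None and r_sport != src_port:
            continue
        return action, number  # first matching rule decides
    return "deny", 0  # assumption: nothing matched, so the packet is dropped

def report(trace=TRACE):
    """Evaluate every trace line and return (line, action, rule number) tuples."""
    return [(line, *evaluate(line)) for line in trace]

if __name__ == "__main__":
    for line, action, number in report():
        print(f"{action:6} rule {number}  {line}")
```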
