Re: (PM) Adding filters on a PM3

Doug Ingraham (dpi@rapidnet.com)
Tue, 2 Feb 1999 08:16:14 -0700 (MST)

In Radius you specified online as the filter. It is applied in the
portmaster as online.in and online.out so you need to name your filter
online.in or online.out as appropriate in your portmaster. In this case
online.in is appropriate. I would also add an explicit deny at the end of
the filter even though it is implied.

Doug Ingraham You can judge the quality of your life by how often
Rapid City, SD you notice the enjoyment of the little things.
USA

On 2 Feb 1999, Mark Oven wrote:

> We are using Emerald 2.5.227 and the PM3's w/3.8.2 OS as our RAS.
>
> What we are trying to do is to set up an online signup system that will let
> anyone access our RAS with a set username and password (for example
> username : newcustomer and password : newcustomer). Those who are dialing in
> with this username and password will be told to go to our subscription page
> (for example subscribe.abcnet.com w/IP 199.199.199.199) to fill out the
> relevant pages and get a membership online.
>
> To achieve this we added a filter named online to the PM3 as below. Our aim
> is to prevent people from going anywhere else other than the subscription page.
> Let's assume that our DNS server is at 199.199.199.1 :
>
> Filtername : online
> 1 permit 0.0.0.0/0 199.199.199.1/32 tcp dst eq 53
> 2 permit 0.0.0.0/0 199.199.199.1/32 udp dst eq 53
> 3 permit 0.0.0.0/0 199.199.199.199/32 tcp dst eq 80
>
>
> Once this was accomplished we created a service account (name : online
> subscription) in Emerald and added as the service default Framed-Filter :
> online
>
> Guess what? It didn't work. People accessing the RAS with the above filter
> and username/password can still go anywhere they want.
>
> We found out that the Rad Attribute should be Framed-Filter-Id for PM3 and
> changed that accordingly. But still it lets everyone through.
>
> What are we doing wrong here? Should we add the rad attribute as a VSA?
> Is something wrong with the filter?
>
> Any help will be appreciated.
>
> -
> To unsubscribe, email 'majordomo@livingston.com' with
> 'unsubscribe portmaster-users' in the body of the message.
> Searchable list archive: <URL:http://www.livingston.com/Tech/archive/>
>
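
The naming and explicit-deny points above, as an added example that is not part of the original messages: a small Python model of looking up a Framed-Filter-Id with the `.in` suffix and evaluating rules first-match with an implied deny. Treating a missing filter name as "unfiltered" is an assumption consistent with what the thread reports; the client address 10.0.0.5 and the off-site destination are constructed.

```python
import ipaddress

# Rules quoted in the thread, stored under the name the reply recommends,
# plus the explicit final deny.
FILTERS = {
    "online.in": [
        ("permit", "0.0.0.0/0", "199.199.199.1/32", "tcp", 53),
        ("permit", "0.0.0.0/0", "199.199.199.1/32", "udp", 53),
        ("permit", "0.0.0.0/0", "199.199.199.199/32", "tcp", 80),
        ("deny", "0.0.0.0/0", "0.0.0.0/0", None, None),
    ],
}

def resolve(filter_id, direction, table):
    """Framed-Filter-Id 'online' is looked up as 'online.in' or 'online.out'."""
    return table.get(f"{filter_id}.{direction}")

def evaluate(rules, src, dst, proto, dport):
    """First matching rule wins; falling off the end is the implied deny."""
    if rules is None:
        return "unfiltered"  # assumption: no filter by that name, nothing applied
    for action, rsrc, rdst, rproto, rport in rules:
        if (ipaddress.ip_address(src) in ipaddress.ip_network(rsrc)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(rdst)
                and rproto in (None, proto)
                and rport in (None, dport)):
            return action
    return "deny"

def check(filter_id, table, packets):
    """Verdicts for packets arriving from the dial-in user (input filter)."""
    rules = resolve(filter_id, "in", table)
    return [evaluate(rules, *p) for p in packets]

PACKETS = [  # constructed sample traffic from a dial-in client
    ("10.0.0.5", "199.199.199.1", "udp", 53),    # DNS lookup
    ("10.0.0.5", "199.199.199.199", "tcp", 80),  # subscription page
    ("10.0.0.5", "198.51.100.7", "tcp", 80),     # any other web site
]

if __name__ == "__main__":
    # Filter stored as online.in: only DNS and the signup page pass.
    print(check("online", FILTERS, PACKETS))
    # Filter stored as plain "online": the lookup finds nothing.
    print(check("online", {"online": FILTERS["online.in"]}, PACKETS))
```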