(RADIATOR) Filters
Tom Daly
tomdaly at metro2000.net
Mon Aug 6 04:18:19 CDT 2001
Hi Everyone,
I am having one tough time getting a filter to work with radiator and Ascend MAX TNTs.
Here's my plan. I need to deal with some spamming issues on the network, so for my plain dialup customers I need to enforce a filter that drops all packets coming in or going out a NAS port that are on TCP Port 25.
I am adding the following to my user profiles:
Filter-ID = "free-internet"
The following is the configuration from my TNT Chassis:
set filter-name = free-internet
set input-filters 1 valid-entry = yes
set input-filters 1 forward = no
set input-filters 1 Type = ip-filter
set input-filters 1 gen-filter offset = 0
set input-filters 1 gen-filter len = 0
set input-filters 1 gen-filter more = no
set input-filters 1 gen-filter comp-neq = no
set input-filters 1 gen-filter mask = 00:00:00:00:00:00:00:00:00:00:00:00
set input-filters 1 gen-filter value = 00:00:00:00:00:00:00:00:00:00:00:00
set input-filters 1 ip-filter protocol = 6
set input-filters 1 ip-filter source-address-mask = 0.0.0.0
set input-filters 1 ip-filter source-address = 0.0.0.0
set input-filters 1 ip-filter dest-address-mask = 0.0.0.0
set input-filters 1 ip-filter dest-address = 0.0.0.0
set input-filters 1 ip-filter Src-Port-Cmp = eql
set input-filters 1 ip-filter source-port = 25
set input-filters 1 ip-filter Dst-Port-Cmp = eql
set input-filters 1 ip-filter dest-port = 25
set input-filters 1 ip-filter tcp-estab = no
set input-filters 1 route-filter source-address-mask = 0.0.0.0
set input-filters 1 route-filter source-address = 0.0.0.0
set input-filters 1 route-filter route-mask = 0.0.0.0
set input-filters 1 route-filter route-address = 0.0.0.0
set input-filters 1 route-filter add-metric = 0
set input-filters 1 route-filter action = none
set input-filters 1 ipx-filter src-net-address = 00:00:00:00
set input-filters 1 ipx-filter dest-net-address = 00:00:00:00
set input-filters 1 ipx-filter src-node-address = 00:00:00:00:00:00
set input-filters 1 ipx-filter dest-node-address = 00:00:00:00:00:00
set input-filters 1 ipx-filter src-socket = 00:00
set input-filters 1 ipx-filter src-socket-cmp = none
set input-filters 1 ipx-filter dest-socket = 0
set input-filters 1 ipx-filter dst-socket-cmp = none
set input-filters 1 tos-filter protocol = 0
set input-filters 1 tos-filter source-address-mask = 0.0.0.0
set input-filters 1 tos-filter source-address = 0.0.0.0
set input-filters 1 tos-filter dest-address-mask = 0.0.0.0
set input-filters 1 tos-filter dest-address = 0.0.0.0
set input-filters 1 tos-filter Src-Port-Cmp = none
set input-filters 1 tos-filter source-port = 0
set input-filters 1 tos-filter Dst-Port-Cmp = none
set input-filters 1 tos-filter dest-port = 0
set input-filters 1 tos-filter precedence = 000
set input-filters 1 tos-filter type-of-service = normal
set output-filters 1 valid-entry = yes
set output-filters 1 forward = no
set output-filters 1 Type = ip-filter
set output-filters 1 gen-filter offset = 0
set output-filters 1 gen-filter len = 0
set output-filters 1 gen-filter more = no
set output-filters 1 gen-filter comp-neq = no
set output-filters 1 gen-filter mask = 00:00:00:00:00:00:00:00:00:00:00:00
set output-filters 1 gen-filter value = 00:00:00:00:00:00:00:00:00:00:00:00
set output-filters 1 ip-filter protocol = 6
set output-filters 1 ip-filter source-address-mask = 0.0.0.0
set output-filters 1 ip-filter source-address = 0.0.0.0
set output-filters 1 ip-filter dest-address-mask = 0.0.0.0
set output-filters 1 ip-filter dest-address = 0.0.0.0
set output-filters 1 ip-filter Src-Port-Cmp = eql
set output-filters 1 ip-filter source-port = 25
set output-filters 1 ip-filter Dst-Port-Cmp = eql
set output-filters 1 ip-filter dest-port = 25
set output-filters 1 ip-filter tcp-estab = no
set output-filters 1 route-filter source-address-mask = 0.0.0.0
set output-filters 1 route-filter source-address = 0.0.0.0
set output-filters 1 route-filter route-mask = 0.0.0.0
set output-filters 1 route-filter route-address = 0.0.0.0
set output-filters 1 route-filter add-metric = 0
set output-filters 1 route-filter action = none
set output-filters 1 ipx-filter src-net-address = 00:00:00:00
set output-filters 1 ipx-filter dest-net-address = 00:00:00:00
set output-filters 1 ipx-filter src-node-address = 00:00:00:00:00:00
set output-filters 1 ipx-filter dest-node-address = 00:00:00:00:00:00
set output-filters 1 ipx-filter src-socket = 00:00
set output-filters 1 ipx-filter src-socket-cmp = none
set output-filters 1 ipx-filter dest-socket = 0
set output-filters 1 ipx-filter dst-socket-cmp = none
set output-filters 1 tos-filter protocol = 0
set output-filters 1 tos-filter source-address-mask = 0.0.0.0
set output-filters 1 tos-filter source-address = 0.0.0.0
set output-filters 1 tos-filter dest-address-mask = 0.0.0.0
set output-filters 1 tos-filter dest-address = 0.0.0.0
set output-filters 1 tos-filter Src-Port-Cmp = none
set output-filters 1 tos-filter source-port = 0
set output-filters 1 tos-filter Dst-Port-Cmp = none
set output-filters 1 tos-filter dest-port = 0
set output-filters 1 tos-filter precedence = 000
set output-filters 1 tos-filter type-of-service = normal
When I run this to check, I connect to the account and then try to Telnet to a Sendmail server on Port 25. Each time I get a connection, which means it is not working. Can someone help me out here?
Thanks in advance,
--Tom
Tom Daly
Network Operations Administrator
G4 Communications Corp. / Metro2000 Internet Services
E: tomdaly at metro2000.net / W3: www.metro2000.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.open.com.au/pipermail/radiator/attachments/20010806/0201818d/attachment.html>
More information about the radiator
mailing list