(RADIATOR) Filters
Hugh Irvine
hugh at open.com.au
Mon Aug 6 05:42:26 CDT 2001
Hello Tom -
Note that the correct spelling is "Filter-Id" in your user definitions.
You will have to check a trace 4 debug from Radiator to verify that the
correct attribute is being sent back to the NAS, then you will have to check
on the NAS that it is dealing with the filter correctly.
hth
Hugh
On Monday 06 August 2001 19:18, Tom Daly wrote:
> Hi Everyone,
> I am having one tough time getting a filter to work with radiator and
> Ascend MAX TNTs.
>
> Here's my plan. I need to deal with some spamming issues on the network, so
> for my plain dialup customers I need to enforce a filter that drops all
> packets coming in or going out a NAS port that are on TCP Port 25.
>
> I am adding the following to my user profiles:
>
> Filter-ID = "free-internet"
>
> The following is the configuration from my TNT Chassis:
>
> set filter-name = free-internet
> set input-filters 1 valid-entry = yes
> set input-filters 1 forward = no
> set input-filters 1 Type = ip-filter
> set input-filters 1 gen-filter offset = 0
> set input-filters 1 gen-filter len = 0
> set input-filters 1 gen-filter more = no
> set input-filters 1 gen-filter comp-neq = no
> set input-filters 1 gen-filter mask = 00:00:00:00:00:00:00:00:00:00:00:00
> set input-filters 1 gen-filter value = 00:00:00:00:00:00:00:00:00:00:00:00
> set input-filters 1 ip-filter protocol = 6
> set input-filters 1 ip-filter source-address-mask = 0.0.0.0
> set input-filters 1 ip-filter source-address = 0.0.0.0
> set input-filters 1 ip-filter dest-address-mask = 0.0.0.0
> set input-filters 1 ip-filter dest-address = 0.0.0.0
> set input-filters 1 ip-filter Src-Port-Cmp = eql
> set input-filters 1 ip-filter source-port = 25
> set input-filters 1 ip-filter Dst-Port-Cmp = eql
> set input-filters 1 ip-filter dest-port = 25
> set input-filters 1 ip-filter tcp-estab = no
> set input-filters 1 route-filter source-address-mask = 0.0.0.0
> set input-filters 1 route-filter source-address = 0.0.0.0
> set input-filters 1 route-filter route-mask = 0.0.0.0
> set input-filters 1 route-filter route-address = 0.0.0.0
> set input-filters 1 route-filter add-metric = 0
> set input-filters 1 route-filter action = none
> set input-filters 1 ipx-filter src-net-address = 00:00:00:00
> set input-filters 1 ipx-filter dest-net-address = 00:00:00:00
> set input-filters 1 ipx-filter src-node-address = 00:00:00:00:00:00
> set input-filters 1 ipx-filter dest-node-address = 00:00:00:00:00:00
> set input-filters 1 ipx-filter src-socket = 00:00
> set input-filters 1 ipx-filter src-socket-cmp = none
> set input-filters 1 ipx-filter dest-socket = 0
> set input-filters 1 ipx-filter dst-socket-cmp = none
> set input-filters 1 tos-filter protocol = 0
> set input-filters 1 tos-filter source-address-mask = 0.0.0.0
> set input-filters 1 tos-filter source-address = 0.0.0.0
> set input-filters 1 tos-filter dest-address-mask = 0.0.0.0
> set input-filters 1 tos-filter dest-address = 0.0.0.0
> set input-filters 1 tos-filter Src-Port-Cmp = none
> set input-filters 1 tos-filter source-port = 0
> set input-filters 1 tos-filter Dst-Port-Cmp = none
> set input-filters 1 tos-filter dest-port = 0
> set input-filters 1 tos-filter precedence = 000
> set input-filters 1 tos-filter type-of-service = normal
> set output-filters 1 valid-entry = yes
> set output-filters 1 forward = no
> set output-filters 1 Type = ip-filter
> set output-filters 1 gen-filter offset = 0
> set output-filters 1 gen-filter len = 0
> set output-filters 1 gen-filter more = no
> set output-filters 1 gen-filter comp-neq = no
> set output-filters 1 gen-filter mask = 00:00:00:00:00:00:00:00:00:00:00:00
> set output-filters 1 gen-filter value = 00:00:00:00:00:00:00:00:00:00:00:00
> set output-filters 1 ip-filter protocol = 6
> set output-filters 1 ip-filter source-address-mask = 0.0.0.0
> set output-filters 1 ip-filter source-address = 0.0.0.0
> set output-filters 1 ip-filter dest-address-mask = 0.0.0.0
> set output-filters 1 ip-filter dest-address = 0.0.0.0
> set output-filters 1 ip-filter Src-Port-Cmp = eql
> set output-filters 1 ip-filter source-port = 25
> set output-filters 1 ip-filter Dst-Port-Cmp = eql
> set output-filters 1 ip-filter dest-port = 25
> set output-filters 1 ip-filter tcp-estab = no
> set output-filters 1 route-filter source-address-mask = 0.0.0.0
> set output-filters 1 route-filter source-address = 0.0.0.0
> set output-filters 1 route-filter route-mask = 0.0.0.0
> set output-filters 1 route-filter route-address = 0.0.0.0
> set output-filters 1 route-filter add-metric = 0
> set output-filters 1 route-filter action = none
> set output-filters 1 ipx-filter src-net-address = 00:00:00:00
> set output-filters 1 ipx-filter dest-net-address = 00:00:00:00
> set output-filters 1 ipx-filter src-node-address = 00:00:00:00:00:00
> set output-filters 1 ipx-filter dest-node-address = 00:00:00:00:00:00
> set output-filters 1 ipx-filter src-socket = 00:00
> set output-filters 1 ipx-filter src-socket-cmp = none
> set output-filters 1 ipx-filter dest-socket = 0
> set output-filters 1 ipx-filter dst-socket-cmp = none
> set output-filters 1 tos-filter protocol = 0
> set output-filters 1 tos-filter source-address-mask = 0.0.0.0
> set output-filters 1 tos-filter source-address = 0.0.0.0
> set output-filters 1 tos-filter dest-address-mask = 0.0.0.0
> set output-filters 1 tos-filter dest-address = 0.0.0.0
> set output-filters 1 tos-filter Src-Port-Cmp = none
> set output-filters 1 tos-filter source-port = 0
> set output-filters 1 tos-filter Dst-Port-Cmp = none
> set output-filters 1 tos-filter dest-port = 0
> set output-filters 1 tos-filter precedence = 000
> set output-filters 1 tos-filter type-of-service = normal
>
> When I run this to check, I connect to the account and then try to Telnet
> to a Sendmail server on Port 25. Each time I get a connection, which means
> it is not working. Can someone help me out here?
>
> Thanks in advance,
> --Tom
>
>
>
> Tom Daly
> Network Operations Administrator
> G4 Communications Corp. / Metro2000 Internet Services
> E: tomdaly at metro2000.net / W3: www.metro2000.net
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
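
Added example (not part of the original thread, and not Radiator code): a small Python check that scans a flat users file for attribute names that differ from the dictionary spelling only in case, as "Filter-ID" does from the "Filter-Id" spelling given in the reply. The DICTIONARY set, the users-file layout and the sample entries are assumptions constructed for illustration.

```python
import re

# Assumption: the attribute spellings the RADIUS dictionary defines.
# "Filter-Id" is the spelling named in the reply; the rest are illustrative.
DICTIONARY = {"Filter-Id", "Framed-Protocol", "Service-Type",
              "Password", "Framed-IP-Address"}
_BY_LOWER = {name.lower(): name for name in DICTIONARY}
# name = value, where value is a quoted string or a bare token
_ATTR = re.compile(r'([A-Za-z][A-Za-z0-9-]*)\s*=\s*("[^"]*"|[^,\s]+)')

def check_users(text):
    """Return (line_no, user, found_name, suggestion) for every attribute
    name that is not in DICTIONARY. suggestion is the dictionary spelling
    when the name differs only in case, otherwise None."""
    findings, user = [], None
    for no, raw in enumerate(text.splitlines(), 1):
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue
        line = stripped
        if not raw[0].isspace():
            # Unindented line starts an entry: user name, then check items.
            parts = stripped.split(None, 1)
            user = parts[0]
            line = parts[1] if len(parts) > 1 else ""
        for m in _ATTR.finditer(line):
            name = m.group(1)
            if name not in DICTIONARY:
                findings.append((no, user, name, _BY_LOWER.get(name.lower())))
    return findings

# Constructed sample users file (not taken from the thread).
SAMPLE = '''\
# constructed sample
tom     Password = "example"
        Framed-Protocol = PPP,
        Filter-ID = "free-internet"

ann     Password = "example"
        Service-Type = Framed-User,
        Filter-Id = "free-internet"
'''

if __name__ == "__main__":
    for no, user, found, fix in check_users(SAMPLE):
        hint = f'did you mean "{fix}"?' if fix else "not in dictionary"
        print(f"line {no}: user {user}: {found} ({hint})")
```

A clean result here only covers the server side; the trace 4 debug and the NAS still have to be checked as described in the reply.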