(RADIATOR) Filters

Mon Aug 6 08:18:13 CDT 2001

Hi Hugh,
Me and my darn typing fingers...you're right. Filter-Id!

Thanks as always,
Tom

----- Original Message -----
From: "Hugh Irvine" <hugh at open.com.au>
To: "Tom Daly" <tomdaly at metro2000.net>; <radiator at open.com.au>
Sent: Monday, August 06, 2001 6:42 AM
Subject: Re: (RADIATOR) Filters

>
> Hello Tom -
>
> Note that the correct spelling is "Filter-Id" in your user definitions.
>
> You will have to check a trace 4 debug from Radiator to verify that the
> correct attribute is being sent back to the NAS, then you will have to
check
> on the NAS that it is dealing with the filter correctly.
>
> hth
>
> Hugh
>
>
> On Monday 06 August 2001 19:18, Tom Daly wrote:
>
> > > Hi Everyone,
> > I am having one tough time getting a filter to work with radiator and
> > Ascend MAX TNTs.
> >
> > Here's my plan. I need to deal with some spamming issues on the network,
so
> > for my plain dialup customers I need to enforce a filter that drops all
> > packets coming in or going out a NAS port that are on TCP Port 25.
> >
> > I am adding the following to my user profiles:
> >
> > Filter-ID = "free-internet"
> >
> > The following is the configuration from my TNT Chassis:
> >
> > set filter-name = free-internet
> > set input-filters 1 valid-entry = yes
> > set input-filters 1 forward = no
> > set input-filters 1 Type = ip-filter
> > set input-filters 1 gen-filter offset = 0
> > set input-filters 1 gen-filter len = 0
> > set input-filters 1 gen-filter more = no
> > set input-filters 1 gen-filter comp-neq = no
> > set input-filters 1 gen-filter mask =
00:00:00:00:00:00:00:00:00:00:00:00
> > set input-filters 1 gen-filter value =
00:00:00:00:00:00:00:00:00:00:00:00
> > set input-filters 1 ip-filter protocol = 6
> > set input-filters 1 ip-filter source-address-mask = 0.0.0.0
> > set input-filters 1 ip-filter source-address = 0.0.0.0
> > set input-filters 1 ip-filter dest-address-mask = 0.0.0.0
> > set input-filters 1 ip-filter dest-address = 0.0.0.0
> > set input-filters 1 ip-filter Src-Port-Cmp = eql
> > set input-filters 1 ip-filter source-port = 25
> > set input-filters 1 ip-filter Dst-Port-Cmp = eql
> > set input-filters 1 ip-filter dest-port = 25
> > set input-filters 1 ip-filter tcp-estab = no
> > set input-filters 1 route-filter source-address-mask = 0.0.0.0
> > set input-filters 1 route-filter source-address = 0.0.0.0
> > set input-filters 1 route-filter route-mask = 0.0.0.0
> > set input-filters 1 route-filter route-address = 0.0.0.0
> > set input-filters 1 route-filter add-metric = 0
> > set input-filters 1 route-filter action = none
> > set input-filters 1 ipx-filter src-net-address = 00:00:00:00
> > set input-filters 1 ipx-filter dest-net-address = 00:00:00:00
> > set input-filters 1 ipx-filter src-node-address = 00:00:00:00:00:00
> > set input-filters 1 ipx-filter dest-node-address = 00:00:00:00:00:00
> > set input-filters 1 ipx-filter src-socket = 00:00
> > set input-filters 1 ipx-filter src-socket-cmp = none
> > set input-filters 1 ipx-filter dest-socket = 0
> > set input-filters 1 ipx-filter dst-socket-cmp = none
> > set input-filters 1 tos-filter protocol = 0
> > set input-filters 1 tos-filter source-address-mask = 0.0.0.0
> > set input-filters 1 tos-filter source-address = 0.0.0.0
> > set input-filters 1 tos-filter dest-address-mask = 0.0.0.0
> > set input-filters 1 tos-filter dest-address = 0.0.0.0
> > set input-filters 1 tos-filter Src-Port-Cmp = none
> > set input-filters 1 tos-filter source-port = 0
> > set input-filters 1 tos-filter Dst-Port-Cmp = none
> > set input-filters 1 tos-filter dest-port = 0
> > set input-filters 1 tos-filter precedence = 000
> > set input-filters 1 tos-filter type-of-service = normal
> > set output-filters 1 valid-entry = yes
> > set output-filters 1 forward = no
> > set output-filters 1 Type = ip-filter
> > set output-filters 1 gen-filter offset = 0
> > set output-filters 1 gen-filter len = 0
> > set output-filters 1 gen-filter more = no
> > set output-filters 1 gen-filter comp-neq = no
> > set output-filters 1 gen-filter mask =
00:00:00:00:00:00:00:00:00:00:00:00
> > set output-filters 1 gen-filter value =
00:00:00:00:00:00:00:00:00:00:00:00
> > set output-filters 1 ip-filter protocol = 6
> > set output-filters 1 ip-filter source-address-mask = 0.0.0.0
> > set output-filters 1 ip-filter source-address = 0.0.0.0
> > set output-filters 1 ip-filter dest-address-mask = 0.0.0.0
> > set output-filters 1 ip-filter dest-address = 0.0.0.0
> > set output-filters 1 ip-filter Src-Port-Cmp = eql
> > set output-filters 1 ip-filter source-port = 25
> > set output-filters 1 ip-filter Dst-Port-Cmp = eql
> > set output-filters 1 ip-filter dest-port = 25
> > set output-filters 1 ip-filter tcp-estab = no
> > set output-filters 1 route-filter source-address-mask = 0.0.0.0
> > set output-filters 1 route-filter source-address = 0.0.0.0
> > set output-filters 1 route-filter route-mask = 0.0.0.0
> > set output-filters 1 route-filter route-address = 0.0.0.0
> > set output-filters 1 route-filter add-metric = 0
> > set output-filters 1 route-filter action = none
> > set output-filters 1 ipx-filter src-net-address = 00:00:00:00
> > set output-filters 1 ipx-filter dest-net-address = 00:00:00:00
> > set output-filters 1 ipx-filter src-node-address = 00:00:00:00:00:00
> > set output-filters 1 ipx-filter dest-node-address = 00:00:00:00:00:00
> > set output-filters 1 ipx-filter src-socket = 00:00
> > set output-filters 1 ipx-filter src-socket-cmp = none
> > set output-filters 1 ipx-filter dest-socket = 0
> > set output-filters 1 ipx-filter dst-socket-cmp = none
> > set output-filters 1 tos-filter protocol = 0
> > set output-filters 1 tos-filter source-address-mask = 0.0.0.0
> > set output-filters 1 tos-filter source-address = 0.0.0.0
> > set output-filters 1 tos-filter dest-address-mask = 0.0.0.0
> > set output-filters 1 tos-filter dest-address = 0.0.0.0
> > set output-filters 1 tos-filter Src-Port-Cmp = none
> > set output-filters 1 tos-filter source-port = 0
> > set output-filters 1 tos-filter Dst-Port-Cmp = none
> > set output-filters 1 tos-filter dest-port = 0
> > set output-filters 1 tos-filter precedence = 000
> > set output-filters 1 tos-filter type-of-service = normal
> >
> > When I run this to check, I connect to the account and then try to
Telnet
> > to a Sendmail server on Port 25. Each time I get a connection, which
means
> > it is not working. Can someone help me out here?
> >
> > Thanks in advance,
> > --Tom
> >
> >
> >
> > Tom Daly
> > Network Operations Administrator
> > G4 Communications Corp. / Metro2000 Internet Services
> > E: tomdaly at metro2000.net / W3: www.metro2000.net
>
> ----------------------------------------
> Content-Type: text/html; charset="iso-8859-1"; name="Attachment: 1"
> Content-Transfer-Encoding: quoted-printable
> Content-Description:
> ----------------------------------------
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
>

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.