Re: [leaf-user] Now On-Line but big trouble...

Tue, 22 Jul 2003 03:44:03 -0700 

Hello All, 

Am 22:32 2003-07-21 -0700 hat Matt Schalit geschrieben:

>I think all you need are these as your first
>firewall rules.
>
>FW="/sbin/ipfwadm"
>
>$FW -I -a accept -W eth0 -P tcp -o
>$FW -I -a accept -W eth0 -P udp -o
>$FW -O -a accept -W eth0 -P tcp -o
>$FW -O -a accept -W eth0 -P udp -o

OK, Done and network restarted... debug in pppd on
But I use ppp0 in place of eth0 and I get this: 

router# ifconfig -a

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Bcast:127.255.255.255  Mask:255.0.0.0
          UP BROADCAST LOOPBACK RUNNING  MTU:3584  Metric:1
          RX packets:263 errors:0 dropped:0 overruns:0 frame:0
          TX packets:263 errors:0 dropped:0 overruns:0 carrier:0
          Collisions:0 

eth0      Link encap:Ethernet  HWaddr 00:60:97:BD:23:FA  
          inet addr:192.168.1.128  Bcast:192.168.1.255  Mask:255.255.255.128
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:31537 errors:0 dropped:0 overruns:0 carrier:31537
          Collisions:0 
          Interrupt:3 Base address:0x240 

eth1      Link encap:Ethernet  HWaddr 00:01:02:15:E0:87  
          inet addr:192.168.1.1  Bcast:192.168.1.63  Mask:255.255.255.192
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:32281 errors:0 dropped:0 overruns:0 carrier:1
          Collisions:0 
          Interrupt:10 Base address:0xf800 

eth2      Link encap:Ethernet  HWaddr 00:01:02:15:DF:D8  
          inet addr:192.168.1.65  Bcast:192.168.1.95  Mask:255.255.255.224
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:53330 errors:0 dropped:0 overruns:0 frame:0
          TX packets:92552 errors:0 dropped:0 overruns:0 carrier:6
          Collisions:126 
          Interrupt:12 Base address:0xf880 

eth3      Link encap:Ethernet  HWaddr 00:10:4B:B0:83:7E  
          inet addr:192.168.1.97  Bcast:192.168.1.111  Mask:255.255.255.240
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:31537 errors:0 dropped:0 overruns:0 carrier:1
          Collisions:0 
          Interrupt:11 Base address:0xfc00 

eth4      Link encap:Ethernet  HWaddr 00:10:4B:AF:89:1B  
          inet addr:192.168.1.112  Bcast:192.168.1.119  Mask:255.255.255.248
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          Collisions:0 
          Interrupt:9 Base address:0xfc80 

ppp0      Link encap:Point-to-Point Protocol  
          inet addr:80.9.196.110  P-t-P:193.251.96.169  Mask:255.0.0.0
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:48 errors:1 dropped:0 overruns:0 frame:0
          TX packets:51 errors:0 dropped:0 overruns:0 carrier:0
          Collisions:0 
          Memory:5e1034-5e1c00 

router# route -n

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use
Iface
193.251.96.169  0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
192.168.1.112   0.0.0.0         255.255.255.248 U     0      0        0 eth4
192.168.1.96    0.0.0.0         255.255.255.240 U     0      0        0 eth3
192.168.1.64    0.0.0.0         255.255.255.224 U     0      0      106 eth2
192.168.1.0     0.0.0.0         255.255.255.192 U     0      0       86 eth1
192.168.1.128   0.0.0.0         255.255.255.128 U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0       62 lo
0.0.0.0         193.251.96.169  0.0.0.0         UG    0      0        6 ppp0

router# cat /var/log/syslog

Jul 22 11:27:31 router pppd[2969]: pppd 2.3.5 started by root, uid 0
Jul 22 11:27:31 router pppd[2969]: Using interface ppp0
Jul 22 11:27:31 router pppd[2969]: local  IP address 0.0.0.0
Jul 22 11:27:31 router pppd[2969]: remote IP address 193.252.19.3
Jul 22 11:27:35 router pppd[2969]: Starting link
Jul 22 11:27:36 router chat[2980]: report (CONNECT)
Jul 22 11:27:36 router chat[2980]: abort on (BUSY)
Jul 22 11:27:36 router chat[2980]: abort on (NO CARRIER)
Jul 22 11:27:36 router chat[2980]: abort on (VOICE)
Jul 22 11:27:36 router chat[2980]: abort on (NO DIALTONE)
Jul 22 11:27:36 router chat[2980]: abort on (ERROR)
Jul 22 11:27:36 router chat[2980]: send (ATZ^M)
Jul 22 11:27:36 router chat[2980]: expect (OK)
Jul 22 11:27:36 router chat[2980]: ATZ^M^M
Jul 22 11:27:36 router chat[2980]: OK
Jul 22 11:27:36 router chat[2980]:  -- got it 
Jul 22 11:27:36 router chat[2980]: send (AT\&FH0^M)
Jul 22 11:27:37 router chat[2980]: expect (OK)
Jul 22 11:27:37 router chat[2980]: ^M
Jul 22 11:27:37 router chat[2980]: AT&FH0^M^M
Jul 22 11:27:37 router chat[2980]: OK
Jul 22 11:27:37 router chat[2980]:  -- got it 
Jul 22 11:27:37 router chat[2980]: send (ATDT0860888080^M)
Jul 22 11:27:37 router chat[2980]: expect (CONNECT)
Jul 22 11:27:37 router chat[2980]: ^M
Jul 22 11:27:55 router chat[2980]: ATDT0860888080^M^M
Jul 22 11:27:55 router chat[2980]: CONNECT
Jul 22 11:27:55 router chat[2980]:  -- got it 
Jul 22 11:27:55 router chat[2980]: send (ppp^M)
Jul 22 11:27:56 router pppd[2969]: Serial connection established.
Jul 22 11:27:57 router pppd[2969]: Connect: ppp0 <--> /dev/ttyS0
Jul 22 11:28:00 router pppd[2969]: Remote message: 
Jul 22 11:28:00 router pppd[2969]: Local IP address changed to 80.9.196.110
Jul 22 11:28:00 router pppd[2969]: Remote IP address changed to
193.251.96.169
Jul 22 11:28:01 router kernel: IP fw-out acc ppp0 UDP 80.9.196.110:1205
193.252.19.3:53 L=61 S=0x00 I=5247 F=0x0000 T=64 
Jul 22 11:28:01 router kernel: IP fw-in acc ppp0 UDP 193.252.19.3:53
80.9.196.110:1205 L=204 S=0x00 I=7617 F=0x0040 T=248 
Jul 22 11:29:45 router kernel: IP fw-in acc ppp0 UDP 81.195.219.62:1025
80.9.196.110:137 L=78 S=0x00 I=50512 F=0x0000 T=112 
Jul 22 11:30:00 router /USR/SBIN/CRON[3000]: (root) CMD (/etc/multicron-p) 
Jul 22 11:36:08 router kernel: IP fw-in acc ppp0 UDP
195.174.20.208:1027 80.9.196.110:137 L=78 S=0x00 I=60877 F=0x0000 T=114 
Jul 22 11:40:32 router kernel: IP fw-in acc ppp0 UDP 203.198.28.4:1400
80.9.196.110:137 L=78 S=0x00 I=11520 F=0x0000 T=105 
Jul 22 11:42:52 router kernel: IP fw-in acc ppp0 UDP 12.206.181.41:3283
80.9.196.110:3283 L=33 S=0x00 I=45313 F=0x0040 T=233 
Jul 22 11:43:01 router kernel: IP fw-in acc ppp0 UDP 61.5.104.25:1028
80.9.196.110:137 L=78 S=0x00 I=43653 F=0x0000 T=101 
Jul 22 11:45:00 router /USR/SBIN/CRON[3114]: (root) CMD (/etc/multicron-p) 
Jul 22 11:45:02 router kernel: IP fw-in acc ppp0 UDP
195.87.11.210:35119 80.9.196.110:137 L=78 S=0x00 I=14269 F=0x0000 T=104 
Jul 22 11:47:13 router kernel: IP fw-in acc ppp0 UDP 61.35.145.9:1028
80.9.196.110:137 L=78 S=0x00 I=32716 F=0x0000 T=105 
Jul 22 11:50:19 router kernel: IP fw-in acc ppp0 UDP 217.2.174.103:1026
80.9.196.110:137 L=78 S=0x00 I=21562 F=0x0000 T=117 
Jul 22 11:53:00 router kernel: IP fw-in acc ppp0 UDP
202.130.81.37:10050 80.9.196.110:137 L=78 S=0x00 I=58108 F=0x0000 T=106 
Jul 22 11:57:43 router kernel: IP fw-in acc ppp0 UDP 62.29.118.8:1027
80.9.196.110:137 L=78 S=0x00 I=42910 F=0x0000 T=112 
Jul 22 12:00:00 router /USR/SBIN/CRON[3126]: (root) CMD (/etc/multicron-p) 
Jul 22 12:00:10 router kernel: VFS: Disk change detected on device 02:00 
Jul 22 12:00:24 router kernel: IP fw-in acc ppp0 UDP 218.6.129.87:1029
80.9.196.110:137 L=78 S=0x00 I=10443 F=0x0000 T=110 
Jul 22 12:00:45 router pppd[2969]: Terminating on signal 15.
Jul 22 12:00:46 router pppd[2969]: Connection terminated.
Jul 22 12:00:46 router pppd[2969]: Hangup (SIGHUP)
Jul 22 12:00:46 router pppd[2969]: Exit.


Hmmm, the lines after 'Local IP address changed' and 'Remote IP 
address changed' are wired... I mean the 'IP fw-in' lines.... 

If I interpret it right: 

1)      IP fw-out       80.9.196.110:1205       193.252.19.3:53
        (80.9.196.110 is the remote IP, 193.252.19.3 is the DNS 
         of my ISP, so it is a request from my router)

2)      IP fw-in        193.252.19.3:53         80.9.196.110:1205
        (the answer of the DNS Server)

3)      IP fw-in        81.195.219.62:1025      80.9.196.110:137
        =       has no hosthame
4)      IP fw-in        195.174.20.208:1027     80.9.196.110:137
        =       has no hosthame
5)      IP fw-in        203.198.28.4:1400       80.9.196.110:137
        =       awork062004.netvigator.com
6)      IP fw-in        12.206.181.41:3283      80.9.196.110:137
        =       12-206-181-41.client.attbi.com
7)      IP fw-in        61.5.104.25:1028        80.9.196.110:137
        =       ppp-malang.telkom.net.id
8)      IP fw-in        195.87.11.210:35119     80.9.196.110:137
        =       has no hosthame (ping timed out)
9)      IP fw-in        61.35.145.9:1028        80.9.196.110:137
        =       has no hosthame
10)     IP fw-in        217.2.174.103:1026      80.9.196.110:137
        =       pD902AE67.dip.t-dialin.net
11)     IP fw-in        202.130.81.37:10050     80.9.196.110:137
        =       has no hosthame
12)     IP fw-in        62.29.118.8:1027        80.9.196.110:137
        =       has no hosthame
13)     IP fw-in        218.6.129.87:1029       80.9.196.110:137
        =       has no hosthame (ping timed out)
...

PORT 137 are Netbios !!!


Do you liket o get more lines of the Last ???
I have more then 200 of them with different IP's and my pppd does not idle


Michelle






-------------------------------------------------------
This SF.net email is sponsored by: VM Ware
With VMware you can run multiple operating systems on a single machine.
WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at the
same time. Free trial click here: http://www.vmware.com/wl/offer/345/0
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Reply via email to