Can anyone help with this (my brain's too small and I conclude I don't
understand the filtering rules properly :))
Linux 2.0.35
diald 0.16.5
ISDN TA (treated just as an external modem)
Every samba connection (from W95 at least) causes the line to go up. With
debug 89 the following is logged:
Nov 4 16:28:01 prague syslogd 1.3-3: restart.
Nov 4 16:28:20 prague diald[19732]: filter accepted rule 1 proto 6 len 44 seq 103f7cf2 ack 193b6fe flags SYN ACK packet 100.100.1.1,139 => 10.0.0.1,1135
Nov 4 16:28:20 prague diald[19732]: Adding connection 0x805e5f8 @ 910196900 - timeout 15
Nov 4 16:28:21 prague diald[19732]: Running connect (pid = 19807).
Nov 4 16:28:21 prague connect: Initializing Modem
Nov 4 16:28:21 prague connect: Dialing system
tcpdump shows this initial activity on port 139 (netbios-ssn)
16:51:50.290000 shirleyb.prague.stalbans.gov.uk.1150 > prague.stalbans.gov.uk.netbios-ssn: S 27868424:27868424(0) win 8192 <mss 1460> (DF)
16:51:50.290000 prague.stalbans.gov.uk.netbios-ssn > shirleyb.prague.stalbans.gov.uk.1150: S 4105652420:4105652420(0) ack 27868425 win 32736 <mss 1460>
nothing shows on
netbios-ns 137/tcp # NETBIOS Name Service
netbios-dgm 138/tcp # NETBIOS Datagram Service
my standard.filter file is thus (comments omitted):
-------------------------------------------------------
accept tcp 15 tcp.syn
ignore tcp tcp.dest=tcp.auth
ignore tcp tcp.source=tcp.auth
ignore tcp tcp.dest=tcp.nntp
ignore tcp tcp.source=tcp.nntp
ignore tcp tcp.dest=tcp.domain
ignore tcp tcp.source=tcp.domain
ignore tcp tcp.dest=tcp.netbios-ssn # why doesn't this catch things?
ignore tcp tcp.source=tcp.netbios-ssn # why doesn't this catch things?
ignore tcp ip.tot_len=40,tcp.live
accept tcp 120 tcp.dest=tcp.www
accept tcp 120 tcp.source=tcp.www
keepup tcp 5 !tcp.live
ignore tcp !tcp.live
accept tcp 120 tcp.dest=tcp.ftp
accept tcp 120 tcp.source=tcp.ftp
accept tcp 600 any
ignore udp udp.dest=udp.who
ignore udp udp.source=udp.who
ignore udp udp.dest=udp.route
ignore udp udp.source=udp.route
ignore udp udp.dest=udp.ntp
ignore udp udp.source=udp.ntp
ignore udp udp.dest=udp.timed
ignore udp udp.source=udp.timed
ignore udp udp.dest=udp.domain,udp.source=udp.domain
accept udp 30 udp.dest=udp.domain
accept udp 30 udp.source=udp.domain
ignore udp udp.source=udp.netbios-ns,udp.dest=udp.netbios-ns
ignore udp tcp.dest=udp.route
ignore udp tcp.source=udp.route
accept udp 10 any
---------------------------------------------------------
It appears the:
accept tcp 15 tcp.syn
is being triggered with a SYN ACK but surely I can't do much about this ?!?!
I've tried a variety of rules to ignore all tcp/udp packets that come/go on
137,138,139 but all to no avail...
thanks for any help
Mark
Mark Tiramani
FREDO / ENTERPRISE AB / EAB/NPA-CONNECT
[EMAIL PROTECTED] / [EMAIL PROTECTED] / [EMAIL PROTECTED]
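
Added example, not part of the original post and not diald's own code: a simplified Python model of ordered rule evaluation, assuming the first matching rule decides the packet's fate, as the "filter accepted rule 1" log line above indicates. It runs the logged SYN ACK and the client SYN from the tcpdump trace through a subset of the posted rules, then through the same rules with the netbios-ssn ignores moved to the top. The function names, the packet dictionaries and the reordered list are constructed for illustration.

```python
# Simplified model of ordered, first-match filter evaluation.
# Only the conditions needed for this example are implemented.
NETBIOS_SSN = 139  # tcp.netbios-ssn, per the post


def parse_rule(line):
    """Split 'accept tcp 15 tcp.syn' or 'ignore tcp <cond>' into parts."""
    parts = line.split("#")[0].split()
    return parts[0], parts[1], parts[-1]  # action, protocol, condition


def matches(cond, pkt):
    if cond == "any":
        return True
    if cond == "tcp.syn":  # true whenever the SYN bit is set, ACK or not
        return "SYN" in pkt["flags"]
    if cond == "tcp.dest=tcp.netbios-ssn":
        return pkt["dport"] == NETBIOS_SSN
    if cond == "tcp.source=tcp.netbios-ssn":
        return pkt["sport"] == NETBIOS_SSN
    raise ValueError("condition not modelled: " + cond)


def first_match(rules, pkt):
    """Return (rule number, action) of the first rule that matches."""
    for number, line in enumerate(rules, 1):
        action, proto, cond = parse_rule(line)
        if proto == pkt["proto"] and matches(cond, pkt):
            return number, action
    return None, None


# Subset of the posted standard.filter, in the posted order.
POSTED = [
    "accept tcp 15 tcp.syn",
    "ignore tcp tcp.dest=tcp.netbios-ssn",
    "ignore tcp tcp.source=tcp.netbios-ssn",
    "accept tcp 600 any",
]
# Constructed variant: the netbios-ssn ignores placed before the SYN rule.
REORDERED = [POSTED[1], POSTED[2], POSTED[0], POSTED[3]]

# Packets built from the log line and the tcpdump trace in the post.
SYN_ACK = {"proto": "tcp", "flags": {"SYN", "ACK"}, "sport": 139, "dport": 1135}
CLIENT_SYN = {"proto": "tcp", "flags": {"SYN"}, "sport": 1150, "dport": 139}

if __name__ == "__main__":
    for name, rules in (("posted", POSTED), ("reordered", REORDERED)):
        for pkt in (SYN_ACK, CLIENT_SYN):
            print(name, sorted(pkt["flags"]), first_match(rules, pkt))
```

With the posted order both packets stop at rule 1 and never reach the netbios-ssn ignore rules; with the ignores first, both are ignored before the SYN rule is consulted.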