Theo. Sean Schulze wrote:
> Well, I've now gotten diald to connect when I want it to, but I guess I
> need to work on keeping it from connecting when I don't want it to. It
> seems that over the last hour or so that I have had diald up and running
> on my system it has dialed my ISP at each quarter hour minus one minute
> (e.g., 18:59, 19:14). Looking at the tail of /var/log/messages, I see
> that rule 22 proto 17 seems to be the culprit. What is this rule? I
> don't see any numbers in /usr/lib/diald/standard.filter. Where in the man
> pages is this addressed?
>
Sorry about the delayed reply - just now catching up on a month's email.
The answers I've seen in this thread may help if you want to disable Samba, but
if you are using Samba to network your linux box to some Microsoft clients then
you don't want to disable this feature, you just want to keep the SMB traffic on
the local side of your dialup interface.
The right place to fix this is in your /etc/diald.conf (or wherever it happens
to live...). Just add these lines:
ignore udp udp.source=udp.netbios-dgm,udp.dest=udp.netbios-dgm
ignore udp udp.dest=udp.netbios-dgm
ignore udp udp.source=udp.netbios-dgm
ignore udp udp.source=udp.netbios-ssn,udp.dest=udp.netbios-ssn
ignore udp udp.dest=udp.netbios-ssn
ignore udp udp.source=udp.netbios-ssn
That'll kill the problem stone dead at its source.
Also if you have any similar problems in future:
1) Look up the rule number in your diald.conf (and any filter files in use). The
rule numbers are allocated sequentially. Yes, it's particularly stupid that they
aren't allocated a label in the conf file. Still, it's trivial to write a script
to reveal the number of each rule. There is a perl script given below which will
do this for you and save you having to count on your fingers. I got it off
usenet I think but to my shame I've lost all record of the author.
2) You can look up the 'proto'protocol number in /etc/protocols but its not
necessary if the protocol is already named in the diald filter rule you just
looked at which it usually is.
3) The IP addresses given in the syslog message you quoted are followed by a
comma and then another number. This is the port number. Look it up in
/etc/services to get a clearer idea of what is causing the traffic.
That's as far as I've figured it out. Having reached this point, if anyone knows
how to identify the program responsible, using some esoteric tools like packet
sniffers or something. will they please post some hints here!
Regards
Ralph Clark
PS. Here's that perl script:
--
#!/usr/bin/perl
$show_all_lines = 1; # 0 to output only rules.
$location_of_diald_conf = '/etc';
$name_of_diald_conf = 'diald.conf';
$number_of_digits = 2; # For rule numbers.
$pattern_to_get_diald_filter_locations_from_diald_conf = '.*filter';
# @filter_files = &form_list_of_filter_files;
# You could start here with
# @filter_files = ("path to your filter file");
@filter_files = ("/etc/diald.conf");
&count_through_list_of_filter_files(@filter_files);
# Done. Output has erupted from STDOUT.
sub count_through_list_of_filter_files {
local (@filter_files, $indent, $rule) = @_;
$indent = " " x ($number_of_digits + 1);
while ($#filter_files > -1) {
$_ = shift(@filter_files);
# print "$_\n";
open(FILTER, $_) || die("Can't open filter\n\t$_\n\t");
while (!eof(FILTER)) {
$_ = <FILTER>;
if (&its_a_rule($_)) {
$rule += 1;
printf "%${number_of_digits}d %s", $rule, $_; }
elsif ($show_all_lines) { print $indent, $_; } }
close(FILTER); } }
sub form_list_of_filter_files {
local ($path_to_diald_conf, @filter_files);
$path_to_diald_conf = "$location_of_diald_conf/$name_of_diald_conf";
open(DIALD_CONF, "$path_to_diald_conf")
|| die("Can't open diald.conf: $path_to_diald_conf\n\t");
while (!eof(DIALD_CONF)) {
$_ = <DIALD_CONF>;
# print "$_\n";
next unless
(/$pattern_to_get_diald_filter_locations_from_diald_conf/io);
next if (/^#/);
next unless (s/^include //io);
s/\s+$//o;
next if (/\s/o);
# print "$_\n";
push (@filter_files, $_); }
close(DIALD_CONF);
if ($#filter_files < 0) { die("Can't find filter file names"
. "\n\tin $path_to_diald_conf\n\t"); }
@filter_files; }
sub its_a_rule {
local ($_, $count_it) = @_;
$count_it = 1; # This line is a rule.
if (/^#/o) { $count_it = 0; } # Not a rule.
if (/^\s*$/o) { $count_it = 0; } # Not a rule.
$count_it; }
# end of perl script
--
[EMAIL PROTECTED] Ralph Clark, Virgo Solutions Ltd (UK)
__ _
/ / (_)__ __ ____ __ * Powerful * Flexible * Compatible * Reliable *
/ /__/ / _ \/ // /\ \/ / *Well Supported * Thousands of New Users Every Day*
/____/_/_//_/\_,_/ /_/\_\ The Cost Effective Choice - Linux Means Business!
-
To unsubscribe from this list: send the line "unsubscribe linux-diald" in
the body of a message to [EMAIL PROTECTED]
