Hi,

new to the list... have diald 0.16.5 running
about 3-4 weeks now, and I really like the
flexibility it gives my site.  I am using
diald on a clone pentium system running RedHat 5.1
along with IP masquerading mods, so other networked
Linux, Sun and Windows boxes can share the phone line
to the outside world.  diald has negated the need
to have the link/phone up before another system
tries an offsite request.  Now, my Linux system
runs unattended without needing a monitor/console.

However, I am getting annoyed with diald incessantly
dialing every few minutes.

I turned on debug output and see that domain or 
DNS is apparently the culprit here.  Some of the
rule matches are from localhost, port 53, probably via
gethostbyname lib calls. Others are coming from an 
NT box via IP masqueraded port 61xxx, even when no 
one is doing anything there?

But, in the standard.filter file, I thought there 
were some rules for keeping nameserver traffic from 
causing it to dial?!  If not, then what are rules 2 & 3 
for?  What are rules 24 & 25 doing?  It seems that
24/25 contradict 2/3?   help!

FWIW, I do NOT run any named or gated on my network.  
Each system has all of the other local net systems
defined in its own host file.

Thanks for any tips, suggestions to help me tune my 
config and cut down on nuisance dialing.

ed
--

      ../\/\/\/\.../\/\/\....../\/\/\/\....  Ed Franks   \/............  
     ../\......../\.........../\..........  Unix SysAdm   \/..........  
    ../\/\/\..../\.../\/\..../\/\/\......  DynCorp I&ET.   \/........
   ../\......../\...../\..../\..........  Albuquerque, NM   \/......
  ../\/\/\/\.../\/\/\/\..../\..........  ph: 1-505-853-3491  \/....


PS:  My config files...

#-------------------[ /etc/diald.conf ]---------------#
# diald.conf - diald configuration file
#
mode     ppp
connect  /etc/diald/connect
device   /dev/cua1
speed    115200
modem
lock
crtscts
fifo     /etc/diald/diald.ctl
local    198.59.166.181
remote   198.59.166.19
defaultroute
#
#restrict    07:00:00 22:00:00 0 * *
#or-restrict 07:00:00 22:00:00 6 * *
#down
restrict    19:00:00 21:30:00 1-5 * *
or-restrict 05:45:00 07:00:00 1-5 * *
down
#
restrict * * * * *
include  /usr/lib/diald/standard.filter
#
#---------------[ end of diald.conf ]---------------#


#-------------------------[ standard.filter ]----------------------------------
#
# 07/24/99 - minor tweaks for olwyn.egf-net     egf
#
#------------------------------------------------------------------------------
# This is a pretty complicated set of filter rules.
# (These are the rules I use myself.)
#
# I've divided the rules up into four sections.
# TCP packets, UDP packets, ICMP packets and a general catch all rule
# at the end.


#------------------------------------------------------------------------------
# Rules for TCP packets.
#------------------------------------------------------------------------------
# General comments on the rule set:
#
# In general we would like to treat only data on a TCP link as significant
# for timeouts. Therefore, we try to ignore packets with no data.
# Since the shortest possible set of headers in a TCP/IP packet is 40 bytes,
# any packet with length 40 must have no data riding in it.
# We may miss some empty packets this way (optional routing information
# and other extras may be present in the IP header), but we should get
# most of them. Note that we don't want to filter out packets with
# tcp.live clear, since we use them later to speedup disconnects
# on some TCP links.
#
# We also want to make sure WWW packets live even if the TCP socket
# is shut down. We do this because WWW doesn't keep connections open
# once the data has been transferred, and it would be annoying to have the link
# keep bouncing up and down every time you get a document.
#
# Outside of WWW the most common use of TCP is for long lived connections,
# that once they are gone mean we no longer need the network connection.
# We don't necessarily want to wait 10 minutes for the connection
# to go down when we don't have any telnet's or rlogin's running,
# so we want to speed up the timeout on TCP connections that have
# shutdown. We do this by catching packets that do not have the live flag set.

# --------------------- start of rule set proper -----------------------
# Note: each set of rules is numbered in a comment line so that specific
#       rules are easier to find.  When diald is run in debug 1 mode,
#       then verbose log messages are identified in /var/log/messages
#       by the rule number matched by some IP traffic.

#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~[ Rule 1 ]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
#
# When initiating a connection we only give the link 15 seconds initially.
# The idea here is to deal with possibility that the network on the opposite
# end of the connection is unreachable. In this case you don't really
# want to give the link 10 minutes up time. With the rule below
# we only give the link 15 seconds initially. If the network is reachable
# then we will normally get a response that actually contains some
# data within 15 seconds. If this causes problems because you have a slow
# response time at some site you want to regularly access, you can either
# increase the timeout or remove this rule.

accept tcp 15 tcp.syn

#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~[ Rules 2 & 3 ]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
#
# Keep named xfers from holding the link up

ignore tcp tcp.dest=tcp.domain
ignore tcp tcp.source=tcp.domain


#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~[ Rule 4 ]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
#
# keep empty packets from holding the link up (other than empty SYN packets)

ignore tcp ip.tot_len=40,tcp.live

#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~[ Rules 5 & 6 ]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
#
# make sure http transfers hold the link for 8 minutes, after they end.
# The original was 2 minutes, but I can't always guarantee that the last
# webpage downloaded was read in 2 minutes.

accept tcp 480 tcp.dest=tcp.www
accept tcp 480 tcp.source=tcp.www

#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~[ Rule 7 ]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# hold the link for 8 minutes on finger replies (tcp.source=tcp.finger).
# Note that the outgoing request itself (tcp.dest=tcp.finger) is not matched
# here and falls through to rule 14 (600 seconds).

accept tcp 480 tcp.source=tcp.finger

#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~[ Rules 8 & 9 ]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
#
# Once the link is no longer live, we try to shut down the connection
# quickly. Note that if the link is already down, a state change
# will not bring it back up.

keepup tcp 5 !tcp.live
ignore tcp !tcp.live

#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~[ Rules 10 - 13 ]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
#
# an ftp-data or ftp connection can be expected to show reasonably frequent
# traffic.

accept tcp 120 tcp.dest=tcp.ftp
accept tcp 120 tcp.source=tcp.ftp

accept tcp 120 tcp.dest=tcp.ftp-data
accept tcp 120 tcp.source=tcp.ftp-data

#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~[ Rule 14 ]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
#
# If we don't catch it above, give the link 10 minutes up time.

accept tcp 600 any

#------------------------------------------------------------------------------
# Rules for UDP packets
#------------------------------------------------------------------------------
#
# We time out domain requests right away, we just want them to bring
# the link up, not keep it around for very long.
# This is because the network will usually come up on a call
# from the resolver library (unless you have all your commonly
# used addresses in /etc/hosts, in which case you will discover
# other problems.)
# Note that you should not make the timeout shorter than the time you
# might expect your DNS server to take to respond. Otherwise
# when the initial link gets established there might be a delay
# greater than this between the initial series of packets before
# any packets that keep the link up longer pass over the link.

#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~[ Rules 15 & 16 ]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
#
# Don't bring the link up for rwho.

ignore udp udp.dest=udp.who
ignore udp udp.source=udp.who

#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~[ Rules 17 & 18 ]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
#
# Don't bring the link up for RIP.

ignore udp udp.dest=udp.route
ignore udp udp.source=udp.route

#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~[ Rules 19 - 22 ]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
#
# Don't bring the link up for NTP or timed.

ignore udp udp.dest=udp.ntp
ignore udp udp.source=udp.ntp
ignore udp udp.dest=udp.timed
ignore udp udp.source=udp.timed

#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~[ Rule 23 ]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
#
# Don't bring up on domain name requests between two running nameds.

ignore udp udp.dest=udp.domain,udp.source=udp.domain

#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~[ Rules 24 & 25 ]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
#
# Bring up the network whenever we make a domain request from someplace
# other than named.

accept udp 30 udp.dest=udp.domain 
accept udp 30 udp.source=udp.domain

#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~[ netbios-ns (commented out) ]~~~~~~~~~~~~~~~~~~~ 
#
# Do the same for netbios-ns broadcasts.  These three lines are commented out
# here and so carry no rule number.
# NOTE: your /etc/services file may not define the netbios-ns service,
# in which case leave the next three lines commented out.

#ignore udp udp.source=udp.netbios-ns,udp.dest=udp.netbios-ns
#accept udp 30 udp.dest=udp.netbios-ns
#accept udp 30 udp.source=udp.netbios-ns

#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~[ Rules 26 & 27 ]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# keep routed and gated transfers from holding the link up
# (udp rules must test the udp.* fields; the original had tcp.dest/tcp.source
# here.  Note these duplicate rules 17 & 18 above, which match first.)

ignore udp udp.dest=udp.route
ignore udp udp.source=udp.route

#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~[ Rule 28 ]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
#
# Anything else gets 2 minutes.

accept udp 120 any


#------------------------------------------------------------------------------
# General catch-all rule 
#------------------------------------------------------------------------------
#

#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~[ Rule 29 ]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
#
# Catch any packets that we didn't catch above and give the connection
# 30 seconds of live time.

accept any 30 any

#-------------------------[ end of standard.filter ]-------------------------


-
To unsubscribe from this list: send the line "unsubscribe linux-diald" in
the body of a message to [EMAIL PROTECTED]
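The following is an added example, not part of the post above and not diald's own code. It is a small first-match evaluator for the rule syntax used in standard.filter, fed with the posted rule set (rules 26/27 written with udp.* fields) and a handful of constructed packets modelled on the traffic the post describes: a resolver query from localhost, a query masqueraded through a 61xxx port, a named-to-named exchange, a TCP query to port 53, an empty ACK, and FIN packets on www and telnet. The rule semantics (first match in file order; accept brings the link up for N seconds, keepup only holds an already-up link, ignore drops the packet from consideration), the service-name-to-port table, and the source ports are my assumptions, not taken from the post.

```python
# Added example, not diald's own code: a first-match evaluator for the rule syntax
# used in standard.filter. Assumed semantics (mine): rules are tried in file order and
# the first match decides; accept N brings the link up for N seconds, keepup N only
# holds an already-up link, ignore drops the packet from consideration.
from dataclasses import dataclass

# Ports behind the tcp.*/udp.* service names, as in a stock /etc/services (assumed).
SERVICES = {"domain": 53, "www": 80, "finger": 79, "ftp": 21, "ftp-data": 20,
            "who": 513, "route": 520, "ntp": 123, "timed": 525, "netbios-ns": 137}

# The effective rules of the posted standard.filter in file order, so a match index is
# the rule number used in its comments (rules 26/27 spelled with udp.* fields here).
STANDARD_FILTER = """
accept tcp 15 tcp.syn
ignore tcp tcp.dest=tcp.domain
ignore tcp tcp.source=tcp.domain
ignore tcp ip.tot_len=40,tcp.live
accept tcp 480 tcp.dest=tcp.www
accept tcp 480 tcp.source=tcp.www
accept tcp 480 tcp.source=tcp.finger
keepup tcp 5 !tcp.live
ignore tcp !tcp.live
accept tcp 120 tcp.dest=tcp.ftp
accept tcp 120 tcp.source=tcp.ftp
accept tcp 120 tcp.dest=tcp.ftp-data
accept tcp 120 tcp.source=tcp.ftp-data
accept tcp 600 any
ignore udp udp.dest=udp.who
ignore udp udp.source=udp.who
ignore udp udp.dest=udp.route
ignore udp udp.source=udp.route
ignore udp udp.dest=udp.ntp
ignore udp udp.source=udp.ntp
ignore udp udp.dest=udp.timed
ignore udp udp.source=udp.timed
ignore udp udp.dest=udp.domain,udp.source=udp.domain
accept udp 30 udp.dest=udp.domain
accept udp 30 udp.source=udp.domain
ignore udp udp.dest=udp.route
ignore udp udp.source=udp.route
accept udp 120 any
accept any 30 any
"""

@dataclass
class Packet:
    proto: str           # "tcp", "udp" or "icmp"
    source: int          # transport source port
    dest: int            # transport destination port
    tot_len: int = 60    # ip.tot_len in bytes
    syn: bool = False    # tcp.syn
    live: bool = True    # tcp.live: no FIN/RST seen yet

def _cond(pkt, cond):
    """Evaluate one condition such as udp.dest=udp.domain, ip.tot_len=40 or !tcp.live."""
    negate = cond.startswith("!")
    field, _, val = cond.lstrip("!").partition("=")
    have = getattr(pkt, field.split(".", 1)[1])          # tcp.dest -> pkt.dest
    if val:
        hit = have == (SERVICES[val.split(".", 1)[1]] if "." in val else int(val))
    else:
        hit = bool(have)                                  # flag test: tcp.syn, tcp.live
    return hit != negate

def parse_rules(text):
    """Return [(action, proto, timeout, [conds])], skipping blank and comment lines."""
    rules = []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if not parts:
            continue
        action, proto = parts[:2]
        timeout = int(parts[2]) if action in ("accept", "keepup") else 0
        rules.append((action, proto, timeout, [] if parts[-1] == "any" else parts[-1].split(",")))
    return rules

def first_match(rules, pkt):
    """Return (rule_number, action, timeout) for the first rule matching pkt, else None."""
    for n, (action, proto, timeout, conds) in enumerate(rules, start=1):
        if proto in ("any", pkt.proto) and all(_cond(pkt, c) for c in conds):
            return n, action, timeout
    return None

def classify_posted_traffic():
    """Constructed packets modelled on the post; returns {label: (rule, action, seconds)}."""
    rules = parse_rules(STANDARD_FILTER)
    samples = {
        "localhost resolver udp->53": Packet("udp", source=1033, dest=53),
        "masqueraded NT box udp->53": Packet("udp", source=61042, dest=53),
        "named-to-named udp 53->53":  Packet("udp", source=53, dest=53),
        "tcp zone transfer ->53":     Packet("tcp", source=1034, dest=53),
        "tcp syn ->53":               Packet("tcp", source=1035, dest=53, syn=True),
        "empty tcp ack ->80":         Packet("tcp", source=1036, dest=80, tot_len=40),
        "www fin ->80":               Packet("tcp", source=1037, dest=80, live=False),
        "telnet fin ->23":            Packet("tcp", source=1038, dest=23, live=False),
    }
    return {label: first_match(rules, p) for label, p in samples.items()}

if __name__ == "__main__":
    print(*classify_posted_traffic().items(), sep="\n")
```

Running it shows the point the rule numbering makes: both UDP queries to port 53, whether from the local resolver or from a masqueraded 61xxx port, land on rule 24 (accept, 30 s), never on rules 2 and 3, which are TCP-only and exist for zone transfers; rule 23 ignores DNS only when both ends are port 53, i.e. named talking to named. Two other ordering effects are visible as well: a TCP SYN to port 53 is caught by rule 1 before rules 2/3 see it, and a FIN on a www connection still gets rule 5's 480 s because the www rules sit above the !tcp.live rules, whereas a telnet FIN reaches rule 8 (keepup 5).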
