Re: [Emerald] Adding filters on a PM3
Ed Miller ( (no email) )
Tue, 2 Feb 1999 10:47:31 -0500
We are using Emerald 2.5.227 and the PM3's w/3.8.2 OS as our RAS.
>
>What we are trying to do is to set up an online signup system that will let
>anyone to access our RAS with a set username and password (for example
>username : newcustomer and password : newcustomer). Those who are dialing
in
>with this username and password will be told to go to our subscription page
>(for example subscribe.abcnet.com w/IP 199.199.199.199)to fill out the
>relevant pages and get a membership online.
>
>To achieve this we added a filter named online to the PM3 as below. Our aim
>is to prevent people to go anywhere else other than the subscription page.
>Let's assume that our DNS server is at 199.199.199.1 :
>
>Filtername : online
> 1 permit 0.0.0.0/0 199.199.199.1/32 tcp dst eq 53
> 2 permit 0.0.0.0/0 199.199.199.1/32 udp dst eq 53
> 3 permit 0.0.0.0/0 199.199.199.199/32 tcp dst eq 80
>
>
>Once this was accomplished we created a service account (name : online
>subsciption) in Emerald and added as the service default Framed-Filter :
>online
>
>Guess what? It didn't work. People acessing the RAS with the above filter
>and username/password can still go anywhere they want.
>
>We found out that the Rad Attribute should be Framed-Filter-Id for PM3 and
>changed that accordingly. But still it let's everyone through.
>
>What are we doing wrong here ? Should we add the rad attribute as a VSA ?
>Is something wrong with the filter ?
>
>Any help will be appreciated.
>
I have no answer to this but I do have a question. Why RAS? Arn't you using
RadiusNT with the Emerald? Do you mean NAS?
For more information about this list, including removal,
please see http://www.iea-software.com/maillist.html