Re: [RadiusNT] Filters

Mauro J. Jaskelioff ( (no email) )
Wed, 10 Mar 1999 19:18:15

If the HiperARC disconnects you, it could be that you're trying to assign a
filter that is not defined in the HiperARC.
You should add two filters: mail.in and mail.out.
If you only want to filter incoming packets, set the mail.out to:

#filter
IP:
10 ACCEPT dst-addr = 0.0.0.0/0;

To check that a filter has been assigned to an interface, you could do a
"show session username" (where username is any of the sessions that appear
in "list session").

At 13:56 10/03/1999 -0800, you wrote:
>When I tell Hiper ARC to "add filter mail.in" is that what it should be?
>Presently I just put in as "add filter mail" and it does not work. The Hiper ARC
>keeps disconnecting me.
>
>"Geoffrey L. Scully" wrote:
>
>> I applied it to the interfaces. But it does not make a difference. They still
>> surf just like before. Not working for some reason.
>>
>> Mauro Jaskelioff wrote:
>>
>> > If you apply the filter to the interface, everyone will be filtered.
>> > Unless this is what you want, don't apply the filter to the interface. Just
>> > create a mail.in and a mail.out. In RADIUS the filter-id attribute should be
>> > set to "mail".
>> > The DNS is important so your users could use smtp.yourdomain.com as SMTP
>> > server in their mail client.
>> > Remember that .in is traffic coming from the dial-up user to the NAS, and
>> > .out is traffic going from the NAS to the dial-up user.
>> >
>> > -----Original Message-----
>> > From: Geoffrey L. Scully <info@olynet.com>
>> > To: radiusnt@iea-software.com <radiusnt@iea-software.com>
>> > Date: Tuesday, March 09, 1999 07:20 p.m.
>> > Subject: Re: [RadiusNT] Filters
>> >
>> > >I named them email and emailout. Then I set the interfaces to use input as
>> > >email and output as emailout. Then I make the two extra attributes in Radius as
>> > >framed-filter "email" and framed-filter "emailout", correct? Why is the DNS
>> > >port important for output?
>> > >
>> > >Mauro Jaskelioff wrote:
>> > >
>> > >> For most NASes you set the filter name in Radius (ie: Filter-Id=mail ) and
>> > >> then you define in the NAS two filters, mail.in and mail.out. This is the
>> > >> most standard procedure. The HiperArc also has other ways to define filters,
>> > >> though.
>> > >>
>> > >> -----Original Message-----
>> > >> From: Geoff <info@olynet.com>
>> > >> To: radiusnt@iea-software.com <radiusnt@iea-software.com>
>> > >> Date: Tuesday, March 09, 1999 03:47 p.m.
>> > >> Subject: Re: [RadiusNT] Filters
>> > >>
>> > >> >How do you determine whether it is an input or output filter? I thought it
>> > >> >just worked both ways.
>> > >> >----- Original Message -----
>> > >> >From: Mauro Jaskelioff <mauro@citynet.net.ar>
>> > >> >To: <radiusnt@iea-software.com>
>> > >> >Sent: Tuesday, March 09, 1999 4:21 AM
>> > >> >Subject: RE: [RadiusNT] Filters
>> > >> >
>> > >> >
>> > >> >>You'll probably want to allow port 53 (DNS).
>> > >> >>Since you're using tcp-src-port, make sure you apply this to the .out
>> > >> >>filter.
>> > >> >>
>> > >> >>-----Original Message-----
>> > >> >>From: Geoffrey L. Scully <info@olynet.com>
>> > >> >>To: radiusnt@iea-software.com <radiusnt@iea-software.com>
>> > >> >>Date: Tuesday, March 09, 1999 02:41 a.m.
>> > >> >>Subject: [RadiusNT] Filters
>> > >> >>
>> > >> >>
>> > >> >>>Hey, should this be a good filter for email only on a 3COM Hiper
>> > >> >>>chassis?
>> > >> >>>
>> > >> >>>
>> > >> >>>#filter
>> > >> >>>IP:
>> > >> >>>001 ACCEPT tcp-src-port = 25;
>> > >> >>>002 ACCEPT tcp-src-port = 110;
>> > >> >>>003 ACCEPT tcp-src-port = 119;
>> > >> >>>004 DENY;
>> > >> >>>
>> > >> >>>
>> > >> >>>For more information about this list, including removal, please
>> > >> >>>see this URL: http://www.iea-software.com/maillist.html
>> > >> >>>
*********************************
* Mauro J. Jaskelioff *
* mauro@citynet.net.ar *
* Depto Técnico *
* Citynet S.A. *
* http://www.citynet.com.ar *
* Ciudad Internet *
* http://www.ciudad.com.ar *
*********************************

For more information about this list, including removal, please
see this URL: http://www.iea-software.com/maillist.html
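
Added example (not part of the original thread and not 3Com or RadiusNT code): a simplified Python model of the two filter files quoted above, showing why a tcp-src-port rule only works in the .out direction and why DNS replies are dropped by the posted filter. First-match evaluation in rule-number order, the implicit default verdict, and all packet values are assumptions made for illustration; only the keywords that appear in the thread are modelled.

```python
import ipaddress
import re

# Filter posted in the thread (mail encoding "=3D" decoded to "=").
POSTED = """#filter
IP:
001 ACCEPT tcp-src-port = 25;
002 ACCEPT tcp-src-port = 110;
003 ACCEPT tcp-src-port = 119;
004 DENY;
"""
# Pass-everything mail.out suggested in the reply.
ACCEPT_ALL = """#filter
IP:
10 ACCEPT dst-addr = 0.0.0.0/0;
"""
# Constructed sample packets; .in = dial-up user -> NAS, .out = NAS -> dial-up user.
USER_TO_SMTP = {"proto": "tcp", "sport": 1050, "dport": 25, "dst": "192.0.2.25"}  # .in
SMTP_REPLY = {"proto": "tcp", "sport": 25, "dport": 1050, "dst": "10.1.1.5"}      # .out
DNS_REPLY = {"proto": "udp", "sport": 53, "dport": 1051, "dst": "10.1.1.5"}       # .out
WEB_REPLY = {"proto": "tcp", "sport": 80, "dport": 1052, "dst": "10.1.1.5"}       # .out

RULE = re.compile(r"^(\d+)\s+(ACCEPT|DENY)(?:\s+([\w-]+)\s*=\s*(\S+?))?;$")

def parse(text):
    """Return [(action, field, value)] sorted by rule number; header lines are skipped."""
    found = [RULE.match(line.strip()) for line in text.splitlines()]
    rules = sorted((int(m[1]), m[2], m[3], m[4]) for m in found if m)
    return [r[1:] for r in rules]

def matches(field, value, pkt):
    if field is None:  # a bare "DENY;" has no condition and matches every packet
        return True
    if field == "tcp-src-port":
        return pkt["proto"] == "tcp" and pkt["sport"] == int(value)
    if field == "dst-addr":
        return ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(value)
    raise ValueError(f"keyword not modelled: {field}")

def verdict(rules, pkt, default="DENY"):
    """First matching rule wins (assumption); 'default' applies if none matches."""
    for action, field, value in rules:
        if matches(field, value, pkt):
            return action
    return default

if __name__ == "__main__":
    posted = parse(POSTED)
    print("posted filter as mail.out, SMTP reply:", verdict(posted, SMTP_REPLY))
    print("posted filter as mail.out, DNS reply :", verdict(posted, DNS_REPLY))
    print("posted filter as mail.in, user->SMTP :", verdict(posted, USER_TO_SMTP))
```

In this model the posted rules accept server replies only when used as the .out filter; used as the .in filter they deny the user's own packets to port 25, because the source port there is the client's ephemeral port.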