Re: Re: (ASCEND) ISDN Up all the time??!!

["Rylan Luke" <rylan@rymar.com>]

> Here we go again. :)

> On Fri, 30 Jan 1998, Frank Bieser wrote:

>> This is likely your problem.  Switch to NetBios over NetBEUI. 
>> The NetBios machines on the LAN are polling the LAN with a
>> broadcast packet.  That poll will cause the Ascend to raise the
>> ISDN connection. 

> Never use NetBEUI. Use the following call filter at the pipeline
> instead. This one will forward only TCP traffic and DNS, except
> `DNS for WINS resolution' packets. 

> Out filter 01...Valid=Yes
> Out filter 01...Type=IP
> Out filter 01...Ip...Forward=Yes
> Out filter 01...Ip...Src Mask=0.0.0.0
> Out filter 01...Ip...Src Adrs=0.0.0.0
> Out filter 01...Ip...Dst Mask=0.0.0.0
> Out filter 01...Ip...Dst Adrs=0.0.0.0
> Out filter 01...Ip...Protocol=17
> Out filter 01...Ip...Src Port Cmp=Neq
> Out filter 01...Ip...Src Port #=137  
> Out filter 01...Ip...Dst Port Cmp=Eql
> Out filter 01...Ip...Dst Port #=53
> Out filter 02...Valid=Yes
> Out filter 02...Type=IP  
> Out filter 02...Ip...Forward=Yes
> Out filter 02...Ip...Src Mask=0.0.0.0
> Out filter 02....Ip...Src Adrs=0.0.0.0
> Out filter 02...Ip...Dst Mask=0.0.0.0
> Out filter 02...Ip...Dst Adrs=0.0.0.0
> Out filter 02...Ip...Protocol=6
> Out filter 02...Ip...Src Port Cmp=None
> Out filter 02...Ip...Src Port #=0
> Out filter 02...Ip...Dst Port Cmp=None
> Out filter 02...Ip...Dst Port #=0
> Out filter 02...Ip...TCP Estab=No

I don't think you can give your users TCP/IP networking capability 
under Windows without using NetBIOS over TCP/IP, so the suggestion to 
switch to NetBIOS over NetBEUI is not very practical.

As another data point, here is the the set of call filters I use to 
block all spurious dialing on a small network of Win NT machines 
through a Pipeline 75.

The P75 is configured as an IP router only (and uses multiple 
address NAT, which I don't think affects these filters at all).

Remember that these are the *differences* from the default settings,
so Forward defaults to No; i.e. these are blocking filters. My
understanding is that the SrcPort numbers 137, 138, and 139 are the
broadcast ports for NetBIOS over TCP/IP, which should not be allowed 
to bring up the link.

Filter number 4 is to block an annoying behavior of Windows NT 4.0 
(and I think Win 95). On OS startup, NT pings (ICMP, Protocol=1) 
the DNS server; filter number 4 blocks this. Your users will not be 
able to ping the domain name server, but it will still do domain name 
resolution just fine.

This setup assumes the DNS server is on the other side of the
Pipeline; you won't need filter 4 if your DNS server is local to
your network.


Out filter 01...Valid=Yes
Out filter 01...Type=IP
Out filter 01...Ip...Protocol=17
Out filter 01...Ip...Src Port Cmp=Eql
Out filter 01...Ip...Src Port #=137
Out filter 02...Valid=Yes
Out filter 02...Type=IP
Out filter 02...Ip...Protocol=17
Out filter 02...Ip...Src Port Cmp=Eql
Out filter 02...Ip...Src Port #=138
Out filter 03...Valid=Yes
Out filter 03...Type=IP
Out filter 03...Ip...Protocol=17
Out filter 03...Ip...Src Port Cmp=Eql
Out filter 03...Ip...Src Port #=139
Out filter 04...Valid=Yes
Out filter 04...Type=IP
Out filter 04...Ip...Dst Mask=255.255.255.255
Out filter 04...Ip...Dst Adrs=<your DNS IP number here>
Out filter 04...Ip...Protocol=1
Out filter 12...Valid=Yes
Out filter 12...Type=IP
Out filter 12...Ip...Forward=Yes
_______________________________
  Rylan Luke (rylan@rymar.com)
  Rymar Engineering
++ Ascend Users Mailing List ++
To unsubscribe:	send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd:	<http://www.nealis.net/ascend/faq>

---

• Prev by Date: Re: (ASCEND) upgrading from 4.6A
• Next by Date: Re: (ASCEND) Ascend-Disconnect-Cause
• Prev by thread: Re: (ASCEND) upgrading from 4.6A
• Next by thread: (ASCEND) flash error while upgrading p130(4.6A -> 4.6C)
• Index(es):
  • Main
  • Thread