Re: (ASCEND) call fliter problem

To: ascend-users@bungi.com
Subject: Re: (ASCEND) call fliter problem
From: "Hartmut Schroeder" <hacko@mms.de>
Date: Mon, 29 Nov 1999 14:41:47 +0100
In-reply-to: <15692.991129@sh.col.com.cn>
Priority: normal
Reply-to: hacko@mms.de
Sender: owner-ascend-users@max.bungi.com



Date sent:      	Mon, 29 Nov 1999 16:36:46 +0800
From:           	ericxu <eric@sh.col.com.cn>
Send reply to:  	ericxu <eric@sh.col.com.cn>
Organization:   	col sh
Priority:       	Normal
To:             	ascend-users@bungi.com
Subject:        	(ASCEND) call fliter problem

> Hello Ascend-users,
> 
>   We use pipeline50 to connect to our ISP,We want to deny one ip-address
>   (i.e. 192.168.0.230)  to access internet. How should we do,and now when we set up a ip
>   call fliter any ip in our LAN could not access the internet.

Call Filters don't do what you want. They apply your Idletimers but pass Data. 
Let's say you don't want that an continous PING from the Internet to your Net 
keeps your Line up. Then you would use Call filters.

Data filters do what you need.
The following is an Example to prevent some bloddy Windozemaschines to send
fu**ing Netbios-Packets to the Outside.

Ethernet
  Connections
    20-101
      Station=provider
      Active=Yes
      Session options
        Data Filter=1

  Filters
    IP Call
      Name=no_netbios
      Input filters
        In filter 01
          Valid=Yes
          Type=IP
          IP
            Forward=Yes
            Protocol=0
            Src Port Cmp=None
            Dst Port Cmp=None
      Output filters
        Out filter 01
          Valid=Yes
          Type=IP
          IP
            Forward=No
            Protocol=17
            Src Port Cmp=Eql
            Src Port #=137
        Out filter 02
          Valid=Yes
          Type=IP
          IP
            Forward=No
            Protocol=17
            Dst Port Cmp=Eql
            Dst Port #=137  
        Out filter 03
          Valid=Yes
          Type=IP
          IP
            Forward=No
            Protocol=17
            Dst Port Cmp=Eql
            Dst Port #=138
        Out filter 04
          Valid=Yes
          Type=IP
          IP
            Forward=No
            Protocol=6
            Dst Port Cmp=Eql
            Dst Port #=139
        Out filter 12
          Valid=Yes
          Type=IP
          IP
            Forward=Yes
            Protocol=0
            Src Port Cmp=None
            Dst Port Cmp=None


This is simmilar to your Problem:

      Output filters
        Out filter 01
          Valid=Yes
          Type=IP
          IP
            Forward=No
            Src Mask=255.255.255.255
            Src Adrs=192.168.0.230
            Protocol=0


Regards H.Schroeder


Hartmut Schroeder             MMS Communication AG
mailto:hacko@mms.de           Eiffestrasse 598
http://www.mms.de/~hacko      20537 Hamburg, Germany
Phone: +49 40 211105-40       Fax: +49 40 210 32 210
UTM 32U0569835 5934083 WGS84
++ Ascend Users Mailing List ++
To unsubscribe:	send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd:	<http://www.nealis.net/ascend/faq>

References:
- (ASCEND) call fliter problem
  - From: ericxu <eric@sh.col.com.cn>

Prev by Date: (ASCEND) Debug Profil
Next by Date: (ASCEND) Ascend Lease Buyout
Prev by thread: (ASCEND) call fliter problem
Next by thread: (ASCEND) Debug Profil
Index(es):
- Date
- Thread