Hi
I am still trying to trace the origin of some of the packets handled by
diald and have used debug 31 as suggested. A snippet from my log messages
file is (with comments - the diald.conf and diald/phone.filter files
were as in the msg sent the other day):
Starting up:
--------------------------------------------------------------------
Nov 18 15:42:53 mercury diald[13090]: Starting diald version 0.16.5
Nov 18 15:42:53 mercury diald[13090]: Proxy device established on
interface sl0
Nov 18 15:42:54 mercury diald[13090]: Setting pointopoint route for sl0
Nov 18 15:42:54 mercury diald[13090]: Establishing routes for sl0
Nov 18 15:42:54 mercury diald[13090]: Changed snoop device to sl0
Nov 18 15:42:54 mercury diald[13090]: Diald initial setup completed.
--------------------------------------------------------------------
A packet came from somewhere. I have no IP 192.168.0.1 (all mine are
192.168.1.*). Except the local and remote IP (with dynamic addressing)
are set to 192.168.0.1 and 192.168.0.2 but these should be replaced).
Anyway it is going to the broadcast 192.168.0.255 and shouldn't be looking
outside at all. Pourquoi? Anyway, diald pulls in pppd ...
--------------------------------------------------------------------
Nov 18 15:42:58 mercury diald[13090]: filter accepted rule 26 proto 17 len
241 packet 192.168.0.1,138 => 192.168.0.255,138
Nov 18 15:42:59 mercury diald[13090]: Running connect (pid = 13095).
Nov 18 15:43:06 mercury diald[13090]: Running pppd (pid = 13096).
Nov 18 15:43:06 mercury pppd[13096]: pppd 2.3.5 started by root, uid 0
Nov 18 15:43:06 mercury pppd[13096]: Using interface ppp0
Nov 18 15:43:06 mercury pppd[13096]: Connect: ppp0 <--> /dev/modem
Nov 18 15:43:06 mercury pppd[13096]: Remote message:
Nov 18 15:43:06 mercury pppd[13096]: not replacing existing default route
to sl0 [0.0.0.0]
Nov 18 15:43:06 mercury pppd[13096]: local IP address 212.23.16.26
Nov 18 15:43:06 mercury pppd[13096]: remote IP address 212.23.10.249
Nov 18 15:43:11 mercury diald[13090]: New addresses: local 212.23.16.26,
remote 212.23.10.249.
Nov 18 15:43:11 mercury diald[13090]: Setting pointopoint route for ppp0
Nov 18 15:43:11 mercury diald[13090]: Establishing routes for ppp0
Nov 18 15:43:11 mercury diald[13090]: Changed snoop device to ppp0
--------------------------------------------------------------------
Then I started to ping my ISP's mail server, so (remember that
212.23.16.26 is the dynamic local IP and 194.72.186.1 is the mailserver)
...
--------------------------------------------------------------------
Nov 18 15:44:22 mercury diald[13090]: filter accepted rule 26 proto 17 len
64 packet 212.23.16.26,1230 => 194.72.186.1,53
Nov 18 15:44:22 mercury diald[13090]: filter accepted rule 26 proto 17 len
197 packet 194.72.186.1,53 => 212.23.16.26,1230
Nov 18 15:44:22 mercury diald[13090]: filter accepted rule 27 proto 1 len
84 packet 212.23.16.26,0 => 212.23.8.4,0
Nov 18 15:44:22 mercury diald[13090]: filter accepted rule 27 proto 1 len
84 packet 212.23.8.4,0 => 212.23.16.26,0
--------------------------------------------------------------------
etc
--------------------------------------------------------------------
Nov 18 15:45:22 mercury diald[13090]: filter accepted rule 26 proto 17 len
78 packet 212.23.16.26,137 => 192.168.0.255,137
Nov 18 15:45:26 mercury last message repeated 3 times
--------------------------------------------------------------------
and 55 seconds later, it closes it down. This corresponds to the line
accept udp 55 any
in my phone/filter file (I have different times for each rule to trace
them).
--------------------------------------------------------------------
Nov 18 15:46:21 mercury diald[13090]: Closing down idle link.
Nov 18 15:46:22 mercury kernel: Swansea University Computer Society IPX
0.34 for NET3.035
Nov 18 15:46:22 mercury kernel: IPX Portions Copyright (c) 1995 Caldera,
Inc.
Nov 18 15:46:23 mercury kernel: Appletalk 0.17 for Linux NET3.035
Nov 18 15:46:23 mercury diald[13090]: Setting pointopoint route for sl0
Nov 18 15:46:23 mercury diald[13090]: Establishing routes for sl0
Nov 18 15:46:23 mercury diald[13090]: Removing routes for ppp0
Nov 18 15:46:23 mercury diald[13090]: Deleting pointopoint route for ppp0
Nov 18 15:46:23 mercury diald[13090]: Closed fwdfd
Nov 18 15:46:23 mercury diald[13090]: Changed snoop device to sl0
Nov 18 15:46:23 mercury pppd[13096]: Terminating on signal 2.
Nov 18 15:46:23 mercury pppd[13096]: Connection terminated.
Nov 18 15:46:23 mercury pppd[13096]: Exit.
Nov 18 15:46:24 mercury diald[13090]: Setting pointopoint route for sl0
Nov 18 15:46:24 mercury diald[13090]: Establishing routes for sl0
Nov 18 15:46:24 mercury diald[13090]: Closing modem line.
Nov 18 15:46:25 mercury diald[13090]: Delaying 10 seconds before clear to
dial.
Nov 18 15:48:23 mercury kernel: PPP: ppp line discipline successfully
unregistered
--------------------------------------------------------------------
Then I killed diald. Dead...
Is there an explanation somewhere or a way of stopping class C broadcasts
on 192.168.*.255 from bringing up the link? Should I use 192.168.1.250
and 192.168.1.251 say for local and remote?
TIA
John
-
To unsubscribe from this list: send the line "unsubscribe linux-diald" in
the body of a message to [EMAIL PROTECTED]
