|
Hi Everyone,
I am having one tough time getting a filter to work
with radiator and Ascend MAX TNTs.
Here's my plan. I need to deal with some spamming
issues on the network, so for my plain dialup customers I need to enforce a
filter that drops all packets coming in or going out a NAS port that are on TCP
Port 25.
I am adding the following to my user
profiles:
Filter-ID = "free-internet"
The following is the configuration from my TNT
Chassis:
set filter-name = free-internet
set input-filters 1 valid-entry = yes set input-filters 1 forward = no set input-filters 1 Type = ip-filter set input-filters 1 gen-filter offset = 0 set input-filters 1 gen-filter len = 0 set input-filters 1 gen-filter more = no set input-filters 1 gen-filter comp-neq = no set input-filters 1 gen-filter mask = 00:00:00:00:00:00:00:00:00:00:00:00 set input-filters 1 gen-filter value = 00:00:00:00:00:00:00:00:00:00:00:00 set input-filters 1 ip-filter protocol = 6 set input-filters 1 ip-filter source-address-mask = 0.0.0.0 set input-filters 1 ip-filter source-address = 0.0.0.0 set input-filters 1 ip-filter dest-address-mask = 0.0.0.0 set input-filters 1 ip-filter dest-address = 0.0.0.0 set input-filters 1 ip-filter Src-Port-Cmp = eql set input-filters 1 ip-filter source-port = 25 set input-filters 1 ip-filter Dst-Port-Cmp = eql set input-filters 1 ip-filter dest-port = 25 set input-filters 1 ip-filter tcp-estab = no set input-filters 1 route-filter source-address-mask = 0.0.0.0 set input-filters 1 route-filter source-address = 0.0.0.0 set input-filters 1 route-filter route-mask = 0.0.0.0 set input-filters 1 route-filter route-address = 0.0.0.0 set input-filters 1 route-filter add-metric = 0 set input-filters 1 route-filter action = none set input-filters 1 ipx-filter src-net-address = 00:00:00:00 set input-filters 1 ipx-filter dest-net-address = 00:00:00:00 set input-filters 1 ipx-filter src-node-address = 00:00:00:00:00:00 set input-filters 1 ipx-filter dest-node-address = 00:00:00:00:00:00 set input-filters 1 ipx-filter src-socket = 00:00 set input-filters 1 ipx-filter src-socket-cmp = none set input-filters 1 ipx-filter dest-socket = 0 set input-filters 1 ipx-filter dst-socket-cmp = none set input-filters 1 tos-filter protocol = 0 set input-filters 1 tos-filter source-address-mask = 0.0.0.0 set input-filters 1 tos-filter source-address = 0.0.0.0 set input-filters 1 tos-filter dest-address-mask = 0.0.0.0 set input-filters 1 tos-filter dest-address =
0.0.0.0
set input-filters 1 tos-filter Src-Port-Cmp = none set input-filters 1 tos-filter source-port = 0 set input-filters 1 tos-filter Dst-Port-Cmp = none set input-filters 1 tos-filter dest-port = 0 set input-filters 1 tos-filter precedence = 000 set input-filters 1 tos-filter type-of-service = normal set output-filters 1 valid-entry = yes
set output-filters 1 forward = no set output-filters 1 Type = ip-filter set output-filters 1 gen-filter offset = 0 set output-filters 1 gen-filter len = 0 set output-filters 1 gen-filter more = no set output-filters 1 gen-filter comp-neq = no set output-filters 1 gen-filter mask = 00:00:00:00:00:00:00:00:00:00:00:00 set output-filters 1 gen-filter value = 00:00:00:00:00:00:00:00:00:00:00:00 set output-filters 1 ip-filter protocol = 6 set output-filters 1 ip-filter source-address-mask = 0.0.0.0 set output-filters 1 ip-filter source-address = 0.0.0.0 set output-filters 1 ip-filter dest-address-mask = 0.0.0.0 set output-filters 1 ip-filter dest-address = 0.0.0.0 set output-filters 1 ip-filter Src-Port-Cmp = eql set output-filters 1 ip-filter source-port = 25 set output-filters 1 ip-filter Dst-Port-Cmp = eql set output-filters 1 ip-filter dest-port = 25 set output-filters 1 ip-filter tcp-estab = no set output-filters 1 route-filter source-address-mask = 0.0.0.0 set output-filters 1 route-filter source-address = 0.0.0.0 set output-filters 1 route-filter route-mask = 0.0.0.0 set output-filters 1 route-filter route-address = 0.0.0.0 set output-filters 1 route-filter add-metric = 0 set output-filters 1 route-filter action = none set output-filters 1 ipx-filter src-net-address = 00:00:00:00 set output-filters 1 ipx-filter dest-net-address = 00:00:00:00 set output-filters 1 ipx-filter src-node-address = 00:00:00:00:00:00 set output-filters 1 ipx-filter dest-node-address = 00:00:00:00:00:00 set output-filters 1 ipx-filter src-socket = 00:00 set output-filters 1 ipx-filter src-socket-cmp = none set output-filters 1 ipx-filter dest-socket = 0 set output-filters 1 ipx-filter dst-socket-cmp = none set output-filters 1 tos-filter protocol = 0
set output-filters 1 tos-filter source-address-mask = 0.0.0.0 set output-filters 1 tos-filter source-address = 0.0.0.0 set output-filters 1 tos-filter dest-address-mask = 0.0.0.0 set output-filters 1 tos-filter dest-address = 0.0.0.0 set output-filters 1 tos-filter Src-Port-Cmp = none set output-filters 1 tos-filter source-port = 0 set output-filters 1 tos-filter Dst-Port-Cmp = none set output-filters 1 tos-filter dest-port = 0 set output-filters 1 tos-filter precedence = 000 set output-filters 1 tos-filter type-of-service = normal When I run this to check, I connect to the account
and then try to Telnet to a Sendmail server on Port 25. Each time I get a
connection, which means it is not working. Can someone help me out
here?
Thanks in advance,
--Tom
Tom Daly
Network Operations Administrator G4 Communications Corp. / Metro2000 Internet Services E: [EMAIL PROTECTED] / W3: www.metro2000.net |
- (RADIATOR) filters Mike McCauley
- Re: (RADIATOR) filters Mike McCauley
- (RADIATOR) Filters Lutfi YUNUSOGLU
- Re: (RADIATOR) Filters Hugh Irvine
- Re: (RADIATOR) Filters Tom Daly
- Re: (RADIATOR) Filters Hugh Irvine
- Re: (RADIATOR) Filters Tom Daly
