If you're talking windows machines you gotta be carefull about ports 137-139. Windows does ALL access to the outside world through those 3 ports. If you filter them you will most likely sever any connection it tries to make. Paul Farber Farber Technology farber@admin.f-tech.net Ph 570-628-5303 Fax 570-628-5545 On Thu, 25 Nov 1999, Steve Sherwick wrote:
Well I'm playing around again...
I am attempting to install a user filter to suppress the flow of CIFS (SMB) communications through the HiPer ARC. My intent is to control the filters behavior by way of RADIUS and the Framed-Filter-Id= reply item.
I understand the technology portion of it but getting the nuances is kinda slowing me down.
I understand I need to create a named filter (In this case I named it NOCIFS) which I have managed to do with HARM. This is the filter.
#filter IP: 1 REJECT udp-src-port = 137; 2 REJECT udp-src-port = 138; 3 REJECT udp-src-port = 139;
I'm making the assumption that unlike many routers you may selectively Reject without having to allow everything else again.
According to the minimal documentation I've found there has to be a NOCIFS.IN and a NOCIFS.OUT file in the ARC for this to work. HARM however does not allow you to create a named filter with an extension. Does it create an in and an out automagically?? Or how does one do this??? In other words, how does HARM differentiate an In from an Out???
I'm fairly sure I can fool around with the CLI and get this to fly but the HARM should be able to handle it.
Anyway, am I even close to getting this to run <grin>....
Regards,
Steve Sherwick
- To unsubscribe to usr-tc, send an email to "majordomo@xmission.com" with "unsubscribe usr-tc" in the body of the message. For information on digests or retrieving files and old messages send "help" to the same address. Do not use quotes in your message.
- To unsubscribe to usr-tc, send an email to "majordomo@xmission.com" with "unsubscribe usr-tc" in the body of the message. For information on digests or retrieving files and old messages send "help" to the same address. Do not use quotes in your message.