Hopefully someone can help. I've seen mention of filters on the list a couple times, but never anything I could completely follow. Need to figure out how to create a filter, and I know NOTHING about how to go about doing that. I want to create a filter to allow a particular user to access only a single, specific IP address. I need to know not only what has to be in the filter, but how to go about putting it on the ARC and enabling it and such. Thanks in advance if you can help. Thanks, Joel
What you have to do is very simple (on HiperARC):

First of all you have to set up a tftp server (it's easy if you run linux). Then create filter files, for instance user.in and user.out. The first is to allow/deny the user's input and the second the output. Then log in to the arc and do tftp. Write there (in tftp on the arc) get tftp-servers-ip:filename.

Example: if your tftp server is 10.0.0.1 and the files are user.in and user.out, do:

    Hiper>>tftp
    tftp>get 10.0.0.1:user.in
    ...
    tftp>get 10.0.0.1:user.out
    tftp>quit
    ...

Then:

    add filter user.in
    add filter user.out
    set modem_group all filter_access on

One way is simple:

    set user input_filter user.in
    set user output_filter user.out

You have to have local authentication enabled for this.

Another way is: on your radius server configure the user to have a filter named: user (if your radius can do that. Filter_ID=input-filter-name/output-filter-name. It's explained in Hiper ARC's product reference.).

The filter file has to be in ascii (text). An example of a filter file is this:

user.in

    #filter
    IP:
    001 AND src-addr = 0.0.0.0/0;
    002 ACCEPT dst-addr = 10.1.0.0/16;
    003 AND src-addr = 0.0.0.0/0;
    004 AND dst-addr = 10.2.1.1/32;
    005 ACCEPT udp-dst-port = 53;
    006 DENY;

Lines 1 and 2 permit the user to access your local network (if the local network is 10.1.0.0 255.255.0.0).
Lines 3, 4 and 5 permit the user to access your dns server (if the dns server's ip is 10.2.1.1).
Line 6 denies anything else.

The output filter is nearly the same but the source addresses are 10.1.0.0/16 and 10.2.1.1, and the destination is 0.0.0.0/0.

After you put the filter files on the arc you have to verify them by:

    verify filter user.in
    verify filter user.out

That's all I think :)

Joel - Fox Computers wrote:
Hopefully someone can help.
I've seen mention of filters on the list a couple times, but never anything I could completely follow.
Need to figure out how to create a filter, and I know NOTHING about how to go about doing that.
I want to create a filter to allow a particular user to access only a single, specific IP address.
I need to know not only what has to be in the filter, but how to go about putting it on the ARC and enabling it and such.
Thanks in advance if you can help.
Thanks,
Joel
_______________________________________________ USR-TC mailing list USR-TC@mailman.xmission.com http://mailman.xmission.com/cgi-bin/mailman/listinfo/usr-tc
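An added example, not part of the post above or of the product documentation: a small Python checker that reads a filter file in the syntax shown in the reply and reports which action a given packet would get, so a single-host filter like the one Joel asks for can be checked before it is uploaded and verified. It assumes that AND lines combine with the next ACCEPT/DENY line and that the first matching rule decides, as the line-by-line explanation in the reply implies; 192.0.2.10 is a placeholder address and the packet dictionaries are constructed.

```python
import ipaddress
import re

# Constructed input filter in the syntax shown in the reply above.
# 192.0.2.10 is a placeholder for the one host the user may reach.
SINGLE_HOST_IN = """#filter
IP:
001 AND src-addr = 0.0.0.0/0;
002 ACCEPT dst-addr = 192.0.2.10/32;
003 DENY;
"""

# "<number> <AND|ACCEPT|DENY> [<field> = <value>];"
RULE = re.compile(r"^(\d+)\s+(AND|ACCEPT|DENY)\s*(?:([\w-]+)\s*=\s*(\S+?))?\s*;$")

def parse_filter(text):
    """Group AND lines with the ACCEPT/DENY line that ends them (assumed semantics)."""
    rules, pending = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = RULE.match(line)
        if not m:
            if line[:1].isdigit():
                raise ValueError(f"malformed rule line: {line!r}")
            continue  # header lines such as "#filter" and "IP:"
        _, action, field, value = m.groups()
        if field:
            pending.append((field, value))
        if action != "AND":
            rules.append((action, pending))
            pending = []
    if pending:
        raise ValueError("filter ends with AND lines and no ACCEPT/DENY")
    return rules

def _match(field, value, pkt):
    # pkt is a constructed dict: {"src", "dst", optional "proto", "dport"}
    if field in ("src-addr", "dst-addr"):
        addr = ipaddress.ip_address(pkt[field[:3]])
        return addr in ipaddress.ip_network(value, strict=False)
    if field == "udp-dst-port":
        return pkt.get("proto") == "udp" and pkt.get("dport") == int(value)
    raise ValueError(f"field not covered by this sketch: {field}")

def evaluate(rules, pkt):
    """First rule whose conditions all match decides; None if no rule matches."""
    for action, conds in rules:
        if all(_match(f, v, pkt) for f, v in conds):
            return action
    return None
```

The same functions can be run over user.out with the source and destination roles swapped, as the reply describes for the output filter.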
participants (2): alex, Joel - Fox Computers