Hi,

I am having trouble configuring and assigning filters dynamically with radius on the Hiper Arcs. This is what I have.

On the Hiper Arc:

filter.fil

#filter IP:
005 AND src-addr = 0.0.0.0/0;
010 ACCEPT dst-addr = 216.32.74.50;
015 AND dst-addr = 0.0.0.0/0;
020 REJECT tcp-dst-port = 80;
025 AND dst-addr = 0.0.0.0/0;
030 REJECT tcp-dst-port = 443;
035 AND dst-addr = 0.0.0.0/0;
040 REJECT tcp-dst-port = 119;
045 AND dst-addr = 0.0.0.0/0;
050 REJECT tcp-dst-port = 6667;
055 AND dst-addr = 0.0.0.0/0;
060 REJECT udp-dst-port = 6667;
070 DENY;

In Radius:

Filter_ID=filter.fil,

Show session (user ID) indicates that the Filter_ID radius attribute was picked up by the NAS. However, it does not block any of the ports defined in the filter. Do I need to configure something else?

Thanks in advance for any help.

--
Scott Bailey
Systems Administrator
Epix Internet Services
scott@epix.net
570-631-1317

- To unsubscribe to usr-tc, send an email to "majordomo@xmission.com" with "unsubscribe usr-tc" in the body of the message. For information on digests or retrieving files and old messages send "help" to the same address. Do not use quotes in your message.

Make sure that filter access is enabled for all modem-groups, make sure that you have this filter named as filter.fil.in and also that you have a filter called filter.fil.out (empty dummy filter is good). This is needed for the filter to work.

-V

On Mon, 10 Jul 2000, Scott Bailey wrote:
> Hi,
>
> I am having trouble configuring and assigning filters dynamically with radius on the Hiper Arcs. This is what I have.
>
> On the Hiper Arc:
>
> filter.fil
>
> #filter IP:
> 005 AND src-addr = 0.0.0.0/0;
> 010 ACCEPT dst-addr = 216.32.74.50;
> 015 AND dst-addr = 0.0.0.0/0;
> 020 REJECT tcp-dst-port = 80;
> 025 AND dst-addr = 0.0.0.0/0;
> 030 REJECT tcp-dst-port = 443;
> 035 AND dst-addr = 0.0.0.0/0;
> 040 REJECT tcp-dst-port = 119;
> 045 AND dst-addr = 0.0.0.0/0;
> 050 REJECT tcp-dst-port = 6667;
> 055 AND dst-addr = 0.0.0.0/0;
> 060 REJECT udp-dst-port = 6667;
> 070 DENY;
>
> In Radius:
>
> Filter_ID=filter.fil,
>
> Show session (user ID) indicates that the Filter_ID radius attribute was picked up by the NAS. However, it does not block any of the ports defined in the filter. Do I need to configure something else?
>
> Thanks in advance for any help.
>
> --
> Scott Bailey
> Systems Administrator
> Epix Internet Services
> scott@epix.net
> 570-631-1317

----- Original Message -----
From: "Ved" <ved@iyka.com>
Subject: Re: (usr-tc) Hiper Arc Filters

> Make sure that filter access is enabled for all modem-groups,

Thanks. Would you have an example of the syntax to do that on a Hiper Arc.

> make sure that you have this filter named as filter.fil.in and also that you have a filter called filter.fil.out (empty dummy filter is good). This is needed for the filter to work.

That makes sense. I can see it is trying to append .in and .out to the filter name, however the documentation (At least not that I could find) doesn't mention that as a consideration in naming the filters. It seemed the documentation for the Netservers was a little more thorough.

Thanks for the assistance.

------
Scott Bailey
Systems Administrator
Epix Internet Services
scott@epix.net
570-631-1317

Quoting Scott Bailey <scott@epix.net>:

> ----- Original Message -----
> From: "Ved" <ved@iyka.com>
> Subject: Re: (usr-tc) Hiper Arc Filters
>
> > Make sure that filter access is enabled for all modem-groups,
>
> Thanks. Would you have an example of the syntax to do that on a Hiper Arc.

set modem_group all filter_access on

> > make sure that you have this filter named as filter.fil.in and also that you have a filter called filter.fil.out (empty dummy filter is good). This is needed for the filter to work.
>
> That makes sense. I can see it is trying to append .in and .out to the filter name, however the documentation (At least not that I could find) doesn't mention that as a consideration in naming the filters. It seemed the documentation for the Netservers was a little more thorough.

Well the initial release of hiper arc (4.0) did not use this - but then the problem was that users of netservers did not like this option. Thus from 4.0.39 upwards the HiPer arc required filters to have .in and .out - or you can use the VSA Framed-ip-filter attribute that will allow you to send either input or output filter.

-V

> Thanks for the assistance.
>
> ------
> Scott Bailey
> Systems Administrator
> Epix Internet Services
> scott@epix.net
> 570-631-1317
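
The thread's outcome is that a Filter-Id the NAS accepts can still leave a session unfiltered when the matching .in and .out filters are missing. The following check is an added example, not code from the thread or from the vendor: it reports every Filter-Id referenced in a RADIUS users file that lacks either file. The users-file layout (unindented user line, indented attributes), the sample users and the hand-collected list of filter names on the NAS are assumptions.

```python
import re

# Matches Filter-Id / Filter_ID attributes, quoted or bare, including the
# form quoted in the thread ("Filter_ID=filter.fil,").
FILTER_ID_RE = re.compile(r'Filter[-_]Id\s*=\s*"?([^",\s]+)"?', re.IGNORECASE)

def referenced_filters(users_text):
    """Map each Filter-Id value to the set of users that reference it."""
    refs = {}
    user = None
    for line in users_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():      # assumed layout: unindented line starts a user
            user = line.split()[0]
        for name in FILTER_ID_RE.findall(line):
            refs.setdefault(name, set()).add(user)
    return refs

def audit(users_text, nas_filters):
    """Return {filter_id: [missing file names]} for filters that will not apply."""
    present = set(nas_filters)
    problems = {}
    for name in sorted(referenced_filters(users_text)):
        # Per the thread, both <name>.in and <name>.out must exist on the NAS.
        missing = [name + sfx for sfx in (".in", ".out") if name + sfx not in present]
        if missing:
            problems[name] = missing
    return problems

# Constructed sample data; only the name "filter.fil" comes from the thread.
USERS = '''
alice  Framed-Protocol = PPP,
       Filter_ID=filter.fil,
bob    Framed-Protocol = PPP,
       Filter-Id = "kiosk"
'''
NAS_FILTERS = ["filter.fil", "kiosk.in", "kiosk.out"]

if __name__ == "__main__":
    refs = referenced_filters(USERS)
    for name, missing in audit(USERS, NAS_FILTERS).items():
        users = ", ".join(sorted(refs[name]))
        print(f"{name}: missing {', '.join(missing)} (users: {users})")
```
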