Ascend Archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: (ASCEND) Pipe75 and Ethernet data filters.
>I've been unable to get data filters working for Ethernet. If I
>set any non-empty filter in Ethernet/Mod Config/Ether options, I
>find that I can't make any connections at all from the ethernet.
>If I set a filter who's input and output filters are all Valid=No,
>then it works fine. If I set a filter with a single in and a single
>out filter like:
>
> Valid=Yes
> Type=IP
> Ip...Forward=Yes
> Ip...Src Mask=0.0.0.0
> Ip...Src Adrs=0.0.0.0
> Ip...Dst Mask=0.0.0.0
> Ip...Dst Adrs=0.0.0.0
> Ip...Protocol=0
>
>it doesn't work (I cannot access the router from the ethernet).
>
>My goal, here, is to setup a filter which explicitely denies certain
>packets, allows certain others, and denies all that are not handled
>by a specific rule. For instance, deny all ethernet-out packets
>with src on the LAN, and all ethernet-in packets with dst on the
>LAN, while allowing ethernet-in with src on the LAN and ethernet-out
>with dst on the LAN. Relatively simple stuff, but if I can't even
>say "allow everything to pass" successfully...
I don't know all the details, but you need to allow ARP on an Ethernet.
Also, when you're writing a "deny a few specific things but allow the rest"
filter, you need to have a final Generic "allow all" filter to let the rest
through.
Check out http://www.ascend.com/696.html, which deals with writing filters
generally, and ARP specifically.
Peter Lalor
Infoasis
plalor@infoasis.com
http://www.infoasis.com/
415-459-7991 x102
415-459-7992 fax
++ Ascend Users Mailing List ++
To unsubscribe: send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd: <http://www.nealis.net/ascend/faq>
Follow-Ups: