Ascend Archive
Re: (ASCEND) Filter Question
On Fri, 3 Jul 1998, Joerg Bauer wrote:
> I want to use a filter on my MAX.
>
> Here are the conditions:
>
> I want to allow everything on the max except tcp to port 5300 on the MAX
> I want to allow 2 subnets from the ethernet to access tcp-port 5300
>
> (I use 192.168.0.0 here instead of our Network, 192.168.13.2 is my MAX)
>
> Here what I set up
>
> Input Filter 1:
> (Deny world port 5300)
> Type: ip
[details snipped]
>
> Input Filter 2:
> (Allow my addresses to my port)
> Type: ip
[details snipped]
>
> Input Filter 3:
> (Allow all the Rest)
> Type: ip
[details snipped]
>
> Then I assign this filter to Ethernet->Mod-Konfig->Ethernet-> Filter
>
> The Problem is :
> 1. that I can't do a telnet to port 5300 from 192.168.0.19 after that
You should _first_ allow your addresses through _then_ block all others -
that is reverse filters 1 and 2.
> 2. the max stops every communication with the rest of the world after
> some seconds
You are implicitly blocking ARP (remember, it's not IP). Try adding a
fourth filter like (stolen from "In filter 10" in FAQ#15):

    Valid=Yes
    Generic...Forward=Yes
    Generic...Offset=12
    Generic...Length=4
    Generic...Mask=ffff000000000000
    Generic...Value=0806000000000000

Also, have a look at FAQs 12, 15 and 16 at
<URL:http://www.nealis.net/ascend/faq/>
Hope that helps,
Neale.
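
Added example, not part of the original message: a small Python model of the two points in the reply, rule order and the generic ARP rule at offset 12. It assumes first-match-wins evaluation with unmatched frames dropped, as the reply implies; the frames, the 192.168.0.0/24 subnet and all function names are constructed for illustration, since the poster's rule details were snipped.

```python
import ipaddress
import struct

def generic_match(frame, offset, length, mask_hex, value_hex):
    """Generic rule: compare `length` bytes at `offset`, under the mask."""
    mask = bytes.fromhex(mask_hex)[:length]
    value = bytes.fromhex(value_hex)[:length]
    data = frame[offset:offset + length]
    return len(data) == length and all(
        (d & m) == (v & m) for d, m, v in zip(data, mask, value))

def ip_match(frame, src_net=None, proto=None, dst_port=None):
    """IP rule: every field that is set must match; unset fields match all."""
    if frame[12:14] != b"\x08\x00":
        return False  # ARP and other non-IP frames never match an IP rule
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if src_net and ipaddress.ip_address(ip[12:16]) not in ipaddress.ip_network(src_net):
        return False
    if proto is not None and ip[9] != proto:
        return False
    if dst_port is not None:
        return struct.unpack("!H", ip[ihl + 2:ihl + 4])[0] == dst_port
    return True

def evaluate(rules, frame):
    """Assumed model: first matching rule decides, no match means drop."""
    for forward, match in rules:
        if match(frame):
            return forward
    return False

def tcp_frame(src, dport):
    """Constructed Ethernet/IPv4/TCP frame addressed to the MAX (192.168.13.2)."""
    ip = (bytes([0x45, 0, 0, 40, 0, 0, 0, 0, 64, 6, 0, 0])
          + ipaddress.ip_address(src).packed
          + ipaddress.ip_address("192.168.13.2").packed)
    return bytes(12) + b"\x08\x00" + ip + struct.pack("!HH", 40000, dport) + bytes(16)

ARP_FRAME = bytes(12) + b"\x08\x06" + bytes(28)  # constructed: only the EtherType matters
# 192.168.0.0/24 is a constructed stand-in for the poster's two allowed subnets.
deny_5300 = (False, lambda f: ip_match(f, proto=6, dst_port=5300))
allow_mine = (True, lambda f: ip_match(f, "192.168.0.0/24", 6, 5300))
allow_ip = (True, lambda f: ip_match(f))
allow_arp = (True, lambda f: generic_match(
    f, 12, 4, "ffff000000000000", "0806000000000000"))

ORIGINAL = [deny_5300, allow_mine, allow_ip]          # order as posted
FIXED = [allow_mine, deny_5300, allow_ip, allow_arp]  # order after the reply
```

With Length=4 the mask ffff0000 leaves only the two EtherType bytes significant, so the rule forwards every ARP frame regardless of what follows.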