Re: (ASCEND) Filter Question

To: joerg@germany.net
Subject: Re: (ASCEND) Filter Question
From: Assaf Homsky <asih@isdn.net.il>
Date: Mon, 06 Jul 1998 09:54:56 +0200
CC: "ascend-users@bungi.com" <ascend-users@bungi.com>
Organization: koor communication
References: <359CB084.17159DE9@germany.net>
Sender: owner-ascend-users@max.bungi.com

you must first forward yours 5300 in filter 1 and then in filter 2 deny all
the rest to 5300. in filter 3 use generic filter that allow everything (use
forward yes and all the rest default).


Joerg Bauer wrote:

> I want to use a filter on my MAX.
>
> Here are the conditions:
>
> I want to allow everthing on the max except tcp to port 5300 on the MAX
> I want to allow 2 subnet´s from the ethernet to access tcp-port 5300
>
> (I use 192.168.0.0 here instead of our Network, 192.168.13.2 is my MAX)
>
> Here what I set up
>
> Input Filter 1:
> (Deny world port 5300)
> Type: ip
>
> Forward: No
> Src Mask: 0.0.0.0
> Src Adrs: 0.0.0.0
> Dst Mask: 0.0.0.0
> Dst Adrs: 0.0.0.0
> Protocol: 6
> Src Port Cmp: None
> Src Port #: N/A
> Dst Port Cmp: Eql
> Dst Port #: 5300
> TCP Estab: No
>
> Input Filter 2:
> (Allow my adrresses to my port)
> Type: ip
>
> Forward: Yes
> Src Mask: 255.255.254.0
> Src Adrs: 192.168.0.0
> Dst Mask: 255.255.255.255
> Dst Adrs: 192.168.13.2
> Protocol: 6
> Src Port Cmp: None
> Src Port #: N/A
> Dst Port Cmp: Eql
> Dst Port #: 5300
> TCP Estab: No
>
> Input Filter 3:
> (Allow all the Rest)
> Type: ip
>
> Forward: yes
> Src Mask: 0.0.0.0
> Src Adrs: 0.0.0.0
> Dst Mask: 0.0.0.0
> Dst Adrs: 0.0.0.0
> Protocol: 0
> Src Port Cmp: None
> Src Port #: N/A
> Dst Port Cmp: None
> Dst Port #: N/A
> TCP Estab: No
>
> Then I assign this filter to Ethernet->Mod-Konfig->Ethernet-> Filter
>
> The Problem is :
> 1. that i can´t do a telnet to port 5300 from 192.168.0.19 after that
> 2. the max stops every communication with the rest of the world after
> some seconds
>
> any help ????
>
> --
> +------------------------------------------------------------+
> | Joerg Bauer                        EMail:joerg@germany.net |
> |                                                            |
> | callisto germany.net GmbH        D-60596 Frankfurt/Germany |
> | Telefon: +49-69-63397-410        FAX    : +49-69-63397-444 |
> +------------------------------------------------------------+
> ++ Ascend Users Mailing List ++
> To unsubscribe: send unsubscribe to ascend-users-request@bungi.com
> To get FAQ'd:   <http://www.nealis.net/ascend/faq>

begin:          vcard
fn:             Assaf Homsky
n:              Homsky;Assaf
org:            koor comunication
adr:            modin 8 st.;;;LOD;;;ISRAEL
email;internet: asih@isdn.net.il
title:          technical support
tel;work:       972-8-9134843
tel;fax:        972-8-9134869
x-mozilla-cpt:  ;0
x-mozilla-html: FALSE
version:        2.1
end:            vcard

References:

(ASCEND) Filter Question

From: Joerg Bauer <joerg@germany.net>

Prev by Date: (ASCEND): subscribe
Next by Date: Re: (ASCEND) leaking pools in 6.1.0
Prev by thread: Re: (ASCEND) Filter Question
Next by thread: (ASCEND) Filter Question
Index(es):
- Main
- Thread