ppp filtering (was Re: pppd filtering (was Re: BIND/login question))

Richard Smith rdls at jezebel.demon.co.uk
Wed Jan 26 08:54:52 GMT 2000


Adrian Wontroba wrote:
> 
> What follows won't help the hangs, but should help with the dialups.  It
> is the filtering rule set I use on (one of) my boxes.
> 
> It will _only_ dial out with a "ping demon-du.demon.co.uk" (change the
> address to taste, but make sure it is in /etc/hosts).  It will keep the
> line up while most things are going on, but when what's happening is just
> ICMP, DNS etc packets, it will drop the line.

[an interesting collection of filtering rules snipped]

A rather specialized use of dial-on-demand, methinks ;-)

I use ipfw on my dial-up router which helps to sanitize things. I also
power down the modem on a timer outside normal working hours which stops
people updating their active content at stupid times. But basically, we
costed the thing to keep the line up 8 or 9 hours a day, 5 days a week,
and we haven't reached that yet.

The worst thing for me was limiting the redial rate on ISDN. I'm
currently using pppd at work and wrote my own chat replacement in perl
to gain more control. When I next upgrade (it's currently 200 days up on
3.1-R) I will migrate to ppp, but make use of pppctl and the redial inc
to prevent galloping costs during external network failure conditions.

Richard.