Fine's Home
I want access to work, and to the internet, but I want my appletalk network to be my own personal home network. So I want to block appletalk packets. (The call filter that comes with the Pipeline 25 doesn't block any packets at all. It is for people who use Ethertalk, and want to bridge it, but don't want to place ISDN calls based on random or incidental Ethertalk traffic.) The filter to block all Ethertalk packets is much simpler than the Call filter.
Block Appletalk #this is what I named the filter
Output
01 Generic #don't forward appletalk packets
Forward=No
Offset=14
Length=8
Mask=ffffff000000ffff
Value=aaaa03000000809b #809b is appletalk ethernet proto number
More=No
02 Generic #don't forward appletalk AARP packets
Forward=No
Offset=14
Length=8
Mask=ffffff000000ffff
Value=aaaa0300000080f3 #80f3 is appletalk AARP ethernet proto number
More=No
03 Generic #forward everything else
Forward=Yes
Offset=0
Length=0
Mask=0000000000000000
Value=0000000000000000
More=No
I've also had problems where Mbone traffic on the OSU end of the line
has flooded my ISDN line. The following filter is used on the OSU end
(on a Pipeline 50), to block this traffic, as well as hide campus Ethertalk
from my network.
Output
01 IP #block multicast packets
Forward=No
Src Mask=0.0.0.0
Src Adrs=0.0.0.0
Dst Mask=255.0.0.0
Dst Adrs=224.0.0.0 #all multicast addresses start with 224
Protocol=0
Src Port Cmp=None
Src Port #=N/A
Dst Port Cmp=None
Dst Port #=N/A
TCP Estab=N/A
02 Generic #the rest is the same as the P25 filter
Forward=No
Offset=14
Length=8
Mask=ffffff000000ffff
Value=aaaa03000000809b
More=No
03 Generic
Forward=No
Offset=14
Length=8
Mask=ffffff000000ffff
Value=aaaa0300000080f3
More=No
04 Generic
Forward=Yes
Offset=0
Length=0
Mask=0000000000000000
Value=0000000000000000
More=No
The Ascend FAQ has a
good
reference that lists well known IP port numbers, IP protocol
numbers, and Ethernet protocol numbers.
|
Fine's Home
|
|
|
Send Me Email |