>I still have problems about diald that dials every time.
>[...]
>I try to identify tcpdump messages but I can't understand how to
>"convert" the information to standard.filter format.
>I'm thinking about workaround solutions because I have only needs to
>access http pages, send and receive emails, access newsserver and
>transfer FTP files. Why "we" cannot configure the standard.filter to
>accept only these net messages instead accept all and filter "almost"
>all.
Sounds easy, doesn't it? But once you look into the protocols
you realise that it is practically impossible to fix the problem
solely in diald's filters. The usual cause of unexpected dials
is unexpected DNS look ups which may actually be relayed WINS
look ups. You can't simply block DNS look ups because that
means all the other protocols can never figure out the address
for a given hostname and they don't work. You have to identify
the specific DNS queries causing the problem and either fix
the misconfiguration that is causing them, handle them sensibly
(i.e. have a local named return an answer), or block them.
(While it is, theoretically, possible to have diald peek inside
packets and block specific DNS queries, that way lies insanity - very
quickly!)
>In my system I use samba (essential),
Hmmm, if you have Windows machines out there you can expect
"interesting" queries to happen...
>sendmail. I already disabled named.
That was a mistake. Running a local named and making sure it
is being used for all DNS look ups means you can simply turn
query logging on and get chapter and verse about what is
happening. Then you can set it up to dump the bogus queries.
>I have some additional questions:
>1> If I use pppd dial on demand feature (I need to recompile my kernel
>to do that), can I solve my problems or I have the same filtering needs?
If you don't address the problem you won't solve it :-). The demand
is there because packets exist.
>2> I already put a message asking about to create a script that dials
>and activate pppd from my intranet. I can create a little program that
>send to my server a message to activate a cgi-script and this script
>connect to internet (simulating Windows local dialup connection). I
>have only a problem: I'm very new with linux and I don't know how can I
>start to do that. Any ideas?
Use a recent (0.99.1) version of diald from http://diald.unix.ch, run
it with the -demand option and simply echo "up" to the control fifo
when you want the link. Or run dctrl using the Windows version
of tcl/tk from ftp.scriptics.com. Watch the connection queue,
have named log queries, when you have things under control just
turn demand dialling on.
Mike
--
A train stops at a train station, a bus stops at a bus station.
On my desk I have a work station...
.----------------------------------------------------------------------.
| Roan Technology Ltd. | |
| 2 Markham Mews, Broad Street | Telephone: +44 118 989 0403 |
| Wokingham ENGLAND | Fax: +44 118 989 1195 |
`----------------------------------------------------------------------'
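
Added example, not part of the original post and not code from diald or BIND: one way to triage named's query log to find which client and which names are generating the lookups that bring the link up. It assumes BIND 9-style query log lines; the sample log, the `office.example` domain and all function names are constructed for illustration.

```python
import re
from collections import Counter

# Assumption: BIND 9-style query log lines; adjust the pattern to your named.
QUERY_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<client>[0-9a-fA-F.:]+)#\d+"
    r"(?: \([^)]*\))?: query: (?P<name>\S+) (?P<cls>\S+) (?P<type>\S+)"
)

# Constructed sample log (not taken from the post).
SAMPLE_LOG = """\
Jan 10 09:00:01 gw named[210]: client 192.168.1.20#1042: query: WORKGROUP IN A +
Jan 10 09:00:31 gw named[210]: client 192.168.1.20#1043: query: WORKGROUP IN A +
Jan 10 09:01:02 gw named[210]: client 192.168.1.21#1050: query: pc2.office.example IN A +
Jan 10 09:02:10 gw named[210]: client 127.0.0.1#1060: query: www.example.org IN A +
""".splitlines()

def parse_queries(lines):
    """Yield (client, lowercased name, qtype) for every query log line."""
    for line in lines:
        m = QUERY_RE.search(line)
        if m:
            yield m["client"], m["name"].rstrip(".").lower(), m["type"]

def looks_like_netbios(name):
    """Single label of at most 15 characters: the shape of a Windows machine
    or workgroup name that was handed to DNS instead of WINS."""
    return "." not in name and 0 < len(name) <= 15

def triage(lines, local_domain):
    """Count identical queries and tag the ones worth fixing or blocking."""
    counts = Counter(parse_queries(lines))
    report = []
    for (client, name, qtype), n in counts.most_common():
        if looks_like_netbios(name):
            reason = "single-label (possible relayed WINS lookup)"
        elif name == local_domain or name.endswith("." + local_domain):
            reason = "local name (answer it from a local zone)"
        else:
            reason = None  # ordinary outside lookup, a legitimate reason to dial
        report.append((n, client, name, qtype, reason))
    return report

if __name__ == "__main__":
    for row in triage(SAMPLE_LOG, "office.example"):
        print(row)
```

Rows with a reason are the candidates for fixing the client, answering locally, or blocking; the client column shows which machine to look at first.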