Hi.

I am connecting to the net via ppp (dial-up) and my packet filter kicks in once connected and goes down once disconnected (via ppp.linkup and ppp.linkdown respectively).

Ever since I began filtering on both external and internal interfaces of my firewall my SSH connection to the machine is sometimes lost. The error that I believe is associated with this is:

    "IPCP not open - packet dropped"

Now I looked around in the source and I found the string inside src/usr.sbin/ppp/ppp/ip.c. It says:

    ipv4_Input(struct bundle *bundle, struct link *l, struct mbuf *bp)
    {
      int nb;

      if (bundle->ncp.ipcp.fsm.state != ST_OPENED) {
        log_Printf(LogWARN, "ipv4_Input: IPCP not open - packet dropped\n");
        m_freem(bp);
        return NULL;
      }

I think it has something to do with the state table. Is there any way I can adjust my ruleset (besides removing internal interface rules) to avoid this happening? Just to test I added a pass in and a pass out for SSH but it doesn't help. The pertinent rules are below:

    block in log-all on $INT all

    pass in on $INT \
        inet proto tcp \
        from $LAN_admin to $INT \
        port 22 \
        modulate state

    pass out on $INT \
        inet proto tcp \
        from $INT to $LAN_admin \
        port 22 \
        modulate state

What exactly is happening to my SSH connection when packet filter goes down?

~ pm

On Wed, 13 Oct 2004 14:36:39 -0400, Peter Matulis <petermatulis@yahoo.ca> wrote:

>The pertinent rules are below:
>
>block in log-all on $INT all

block out log-all on $INT all <-- forgot this one

>pass in on $INT \
> inet proto tcp \
> from $LAN_admin to $INT \
> port 22 \
> modulate state
>
>pass out on $INT \
> inet proto tcp \
> from $INT to $LAN_admin \
> port 22 \
> modulate state

~ pm