<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<META NAME="Generator" CONTENT="MS Exchange Server version 6.0.5762.3">
<TITLE>Filter Problem</TITLE>
</HEAD>
<BODY>
<P><FONT SIZE=2 FACE="Tahoma">Hello Guys,</FONT>
<BR><FONT SIZE=2 FACE="Tahoma">I have a little problem with the TNT filters that is giving me a big headache :(</FONT>
</P>
<P><FONT SIZE=2 FACE="Tahoma">I created a couple of filters to deny telnet access from any and only permit it for one subnet (200.42.0.0/24).</FONT>
</P>
<P><FONT SIZE=2 FACE="Tahoma">These filters work perfectly, but only for<B> 10 or 15</B> minutes! After that I completely lose management (telnet, ping, etc.) to my TNT (200.42.95.164).</FONT></P>
<P><FONT SIZE=2 FACE="Tahoma">I'm running software version 7.2.4</FONT>
</P>
<P><FONT SIZE=2 FACE="Tahoma">These are the filters:</FONT>
</P>
<P><FONT SIZE=2 FACE="Tahoma">TnTLimaTaSa-CI4#dir filter</FONT>
<BR><FONT SIZE=2 FACE="Tahoma"> 535 03/27/2002 19:13:34 DenyTelnet</FONT>
</P>
<P><U><FONT SIZE=2 FACE="Tahoma">INPUT</FONT></U><FONT SIZE=2 FACE="Tahoma">:</FONT>
</P>
<P><FONT SIZE=2 FACE="Tahoma">1) valid-entry = yes</FONT>
<BR><FONT SIZE=2 FACE="Tahoma"> forward = yes</FONT>
<BR><FONT SIZE=2 FACE="Tahoma"> protocol = 6</FONT>
<BR><FONT SIZE=2 FACE="Tahoma"> source-address-mask = 255.255.255.0 | SubNet</FONT>
<BR><FONT SIZE=2 FACE="Tahoma"> source-address = 200.42.0.0 |</FONT>
<BR><FONT SIZE=2 FACE="Tahoma"> dest-address-mask = 255.255.255.255</FONT>
<BR><FONT SIZE=2 FACE="Tahoma"> dest-address = 200.42.95.164 | TNT</FONT>
<BR><FONT SIZE=2 FACE="Tahoma"> Src-Port-Cmp = gtr</FONT>
<BR><FONT SIZE=2 FACE="Tahoma"> source-port = 1024</FONT>
<BR><FONT SIZE=2 FACE="Tahoma"> Dst-Port-Cmp = eql</FONT>
<BR><FONT SIZE=2 FACE="Tahoma"> dest-port = 23</FONT>
<BR><FONT SIZE=2 FACE="Tahoma"> tcp-estab = no</FONT>
</P>
<P><FONT SIZE=2 FACE="Tahoma">2) valid-entry = yes</FONT>
<BR><FONT SIZE=2 FACE="Tahoma"> forward = no</FONT>
<BR><FONT SIZE=2 FACE="Tahoma"> protocol = 6</FONT>
<BR><FONT SIZE=2 FACE="Tahoma"> source-address-mask = 0.0.0.0</FONT>
<BR><FONT SIZE=2 FACE="Tahoma"> source-address = 0.0.0.0</FONT>
<BR><FONT SIZE=2 FACE="Tahoma"> dest-address-mask = 255.255.255.255</FONT>
<BR><FONT SIZE=2 FACE="Tahoma"> dest-address = 200.42.95.164</FONT>
<BR><FONT SIZE=2 FACE="Tahoma"> Src-Port-Cmp = none</FONT>
<BR><FONT SIZE=2 FACE="Tahoma"> source-port = 0</FONT>
<BR><FONT SIZE=2 FACE="Tahoma"> Dst-Port-Cmp = eql</FONT>
<BR><FONT SIZE=2 FACE="Tahoma"> dest-port = 23</FONT>
<BR><FONT SIZE=2 FACE="Tahoma"> tcp-estab = no</FONT>
</P>
<P><FONT SIZE=2 FACE="Tahoma">3) valid-entry = yes</FONT>
<BR><FONT SIZE=2 FACE="Tahoma"> forward = yes</FONT>
<BR><FONT SIZE=2 FACE="Tahoma"> protocol = 0</FONT>
<BR><FONT SIZE=2 FACE="Tahoma"> source-address-mask = 0.0.0.0</FONT>
<BR><FONT SIZE=2 FACE="Tahoma"> source-address = 0.0.0.0</FONT>
<BR><FONT SIZE=2 FACE="Tahoma"> dest-address-mask = 0.0.0.0</FONT>
<BR><FONT SIZE=2 FACE="Tahoma"> dest-address = 0.0.0.0</FONT>
<BR><FONT SIZE=2 FACE="Tahoma"> Src-Port-Cmp = none</FONT>
<BR><FONT SIZE=2 FACE="Tahoma"> source-port = 0</FONT>
<BR><FONT SIZE=2 FACE="Tahoma"> Dst-Port-Cmp = none</FONT>
<BR><FONT SIZE=2 FACE="Tahoma"> dest-port = 0</FONT>
<BR><FONT SIZE=2 FACE="Tahoma"> tcp-estab = no</FONT>
</P>
<P><U><FONT SIZE=2 FACE="Tahoma">OUTPUT</FONT></U><FONT SIZE=2 FACE="Tahoma">:</FONT>
</P>
<P><FONT SIZE=2 FACE="Tahoma">1) valid-entry = yes</FONT>
<BR><FONT SIZE=2 FACE="Tahoma"> forward = yes</FONT>
<BR><FONT SIZE=2 FACE="Tahoma"> protocol = 0</FONT>
<BR><FONT SIZE=2 FACE="Tahoma"> source-address-mask = 0.0.0.0</FONT>
<BR><FONT SIZE=2 FACE="Tahoma"> source-address = 0.0.0.0</FONT>
<BR><FONT SIZE=2 FACE="Tahoma"> dest-address-mask = 0.0.0.0</FONT>
<BR><FONT SIZE=2 FACE="Tahoma"> dest-address = 0.0.0.0 </FONT>
<BR><FONT SIZE=2 FACE="Tahoma"> Src-Port-Cmp = none</FONT>
<BR><FONT SIZE=2 FACE="Tahoma"> source-port = 0</FONT>
<BR><FONT SIZE=2 FACE="Tahoma"> Dst-Port-Cmp = none</FONT>
<BR><FONT SIZE=2 FACE="Tahoma"> dest-port = 0</FONT>
<BR><FONT SIZE=2 FACE="Tahoma"> tcp-estab = no</FONT>
</P>
<P><FONT SIZE=2 FACE="Tahoma">The filter above, called DenyTelnet, is applied to my FastEthernet interface:</FONT>
</P>
<P><FONT SIZE=2 FACE="Tahoma">TnTLimaTaSa-CI4#read ethernet { 1 3 4 }</FONT>
<BR><FONT SIZE=2 FACE="Tahoma">ETHERNET/{ shelf-1 slot-3 4 } read</FONT>
<BR><FONT SIZE=2 FACE="Tahoma">TnTLimaTaSa-CI4#list</FONT>
<BR><FONT SIZE=2 FACE="Tahoma">[in ETHERNET/{ shelf-1 slot-3 4 }]</FONT>
<BR><FONT SIZE=2 FACE="Tahoma">interface-address* = { shelf-1 slot-3 4 }</FONT>
<BR><FONT SIZE=2 FACE="Tahoma">link-state-enabled = no</FONT>
<BR><FONT SIZE=2 FACE="Tahoma">enabled = yes</FONT>
<BR><FONT SIZE=2 FACE="Tahoma">ether-if-type = utp</FONT>
<BR><B><FONT SIZE=2 FACE="Tahoma">filter-name = DenyTelnet</FONT></B>
<BR><FONT SIZE=2 FACE="Tahoma">duplex-mode = full-duplex</FONT>
</P>
<BR>
<P><FONT SIZE=2 FACE="Tahoma">Could somebody help with this? I would really appreciate any answer.</FONT>
</P>
<P><FONT SIZE=2 FACE="Tahoma">Best Regards,</FONT>
</P>
<P><FONT SIZE=2 FACE="Tahoma">Alejandro J. Noriega</FONT><FONT SIZE=2 FACE="Arial"><BR>
</FONT><FONT SIZE=2 FACE="Tahoma">Depto. Ingeniería De Redes</FONT><FONT SIZE=2 FACE="Arial"><BR>
</FONT><FONT SIZE=2 FACE="Tahoma">Pr!ma S.A</FONT><FONT SIZE=2 FACE="Arial"><BR>
</FONT><FONT SIZE=2 FACE="Tahoma">Ciudad Internet \ Datamarkets</FONT>
</P>
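<P><FONT SIZE=2 FACE="Tahoma">Added example, not part of the original message and not vendor code: a small Python model of the three INPUT entries of DenyTelnet as posted, run over constructed packets to show which entry decides each one. It assumes entries are checked in order with the first match deciding, that protocol 0 and a 0.0.0.0 mask match anything, that "gtr" is strictly greater-than, and that a packet matching no entry is dropped; the function and variable names are illustrative.</FONT>
</P>
<PRE>
```python
import ipaddress
import operator

# Port comparators seen in the post; "gtr" is assumed to mean strictly greater-than.
PORT_CMP = {"none": lambda pkt_port, rule_port: True,
            "eql": operator.eq, "gtr": operator.gt}

def rule(forward, proto, src, src_mask, dst, dst_mask, sp_cmp, sp, dp_cmp, dp):
    """Build one filter entry; a 0.0.0.0 mask becomes a /0 network (matches any)."""
    return {"forward": forward, "proto": proto,
            "src": ipaddress.ip_network(f"{src}/{src_mask}"),
            "dst": ipaddress.ip_network(f"{dst}/{dst_mask}"),
            "sp_cmp": sp_cmp, "sp": sp, "dp_cmp": dp_cmp, "dp": dp}

# INPUT entries 1-3 of DenyTelnet as posted (tcp-estab = no everywhere, so not modelled).
TNT = "200.42.95.164"
INPUT_RULES = [
    rule(True, 6, "200.42.0.0", "255.255.255.0", TNT, "255.255.255.255", "gtr", 1024, "eql", 23),
    rule(False, 6, "0.0.0.0", "0.0.0.0", TNT, "255.255.255.255", "none", 0, "eql", 23),
    rule(True, 0, "0.0.0.0", "0.0.0.0", "0.0.0.0", "0.0.0.0", "none", 0, "none", 0),
]

def matches(r, pkt):
    if r["proto"] not in (0, pkt["proto"]):          # protocol 0 assumed to mean "any"
        return False
    if ipaddress.ip_address(pkt["src"]) not in r["src"]:
        return False
    if ipaddress.ip_address(pkt["dst"]) not in r["dst"]:
        return False
    if pkt["proto"] in (6, 17):                      # only TCP/UDP carry ports
        return (PORT_CMP[r["sp_cmp"]](pkt["sport"], r["sp"])
                and PORT_CMP[r["dp_cmp"]](pkt["dport"], r["dp"]))
    return r["sp_cmp"] == "none" and r["dp_cmp"] == "none"

def evaluate(rules, pkt):
    """Return (entry number, forwarded); (None, False) when nothing matches (assumed drop)."""
    for number, r in enumerate(rules, start=1):
        if matches(r, pkt):
            return number, r["forward"]
    return None, False

# Constructed sample packets, not captured traffic.
SAMPLES = {
    "telnet from permitted subnet": dict(proto=6, src="200.42.0.10", dst=TNT, sport=40000, dport=23),
    "same host, source port 1024": dict(proto=6, src="200.42.0.10", dst=TNT, sport=1024, dport=23),
    "telnet from elsewhere": dict(proto=6, src="10.1.1.1", dst=TNT, sport=40000, dport=23),
    "ping from elsewhere": dict(proto=1, src="10.1.1.1", dst=TNT),
}

if __name__ == "__main__":
    for label, pkt in SAMPLES.items():
        print(label, evaluate(INPUT_RULES, pkt))
```
</PRE>
<P><FONT SIZE=2 FACE="Tahoma">Under these assumptions, a client in 200.42.0.0/24 that happens to use source port 1024 misses entry 1 and is dropped by entry 2, while non-telnet traffic such as ping falls through to the permit-all entry 3.</FONT>
</P>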
</BODY>
</HTML>