
question about on-demand connection to network with modem

 
 
insomniux

 
      06-24-2005, 10:06 AM
Hi,
Recently I made the most terrible mistake one can make: change from
one DSL provider to the other. In this case, 'the other' is UPC, a
Dutch provider which promises a lot, but fails to provide any service
at all: now for 7 weeks my DSL connection is broken and UPC is not
making any effort to get it up again. So the only way to connect to the
internet at this moment is through a telephone-modem connection.
My router (openbrick with debian) works fine (pppd with demand option)
and starts the internet connection when my workstation tries to connect
to the internet. Also it closes down after the idle time. So far, so
good.
The only problem I have is that there seem to be other processes which
are trying to connect to the network, resulting in telephone
connections every couple of minutes. So far I have not been able to
identify the process which activates the modem connection.
My question is: can I use iptables to block all requests to ppp0,
except if the request comes from my lan (ip 192.168.0.3). Or is it
possible to tell iptables to start a shellscript to start the
connection when a request is made from the internal ip to ppp0?
Thanks in advance
Mike

 
Clifford Kite

 
      06-24-2005, 08:01 PM
insomniux <(E-Mail Removed)> wrote:

> The only problem I have is that there seem to be other processes
> which are trying to connect to the network, resulting in telephone
> connections every couple of minutes. So far I have not been able
> to identify the process which activates the modem connection.


Sounds like garbage sent by Microsoft hosts on a LAN.

tcpdump -i ppp0
(May not work for PPP interfaces when compiled using a broken libpcap
version, e.g., libpcap-0.8.3)

netstat -tenup

> My question is: can I use iptables to block all requests to ppp0,
> except if the request comes from my lan (ip 192.168.0.3). Or is it
> possible to tell iptables to start a shellscript to start the
> connection when a request is made from the internal ip to ppp0?


How can Internet bound requests not come from a LAN host?

--
Clifford Kite Email: "echo xvgr_yvahk-(E-Mail Removed)|rot13"
 

Tim Lingard

 
      06-24-2005, 10:37 PM
On Fri, 24 Jun 2005 03:06:23 -0700, insomniux wrote:

> So far I have not been able to
> identify the process which activates the modem connection.


You're going to have to do that.

> My question is: can I use iptables to block all requests to ppp0,
> except if the request comes from my lan (ip 192.168.0.3). Or is it
> possible to tell iptables to start a shellscript to start the
> connection when a request is made from the internal ip to ppp0?


External IPs cannot make a request to your pppd when you are offline.

Do you have an imap or pop3 mail client on your lan, that is checking for
mail at your isp every few minutes?

Other candidates are rss newsfeeds and self-refreshing web pages.

--tim
 

Bill Marcum

 
      06-25-2005, 07:06 AM
On 24 Jun 2005 03:06:23 -0700, insomniux
<(E-Mail Removed)> wrote:
> Hi,
> The only problem I have is that there seem to be other processes which
> are trying to connect to the network, resulting in telephone
> connections every couple of minutes. So far I have not been able to
> identify the process which activates the modem connection.
> My question is: can I use iptables to block all requests to ppp0,
> except if the request comes from my lan (ip 192.168.0.3). Or is it
> possible to tell iptables to start a shellscript to start the
> connection when a request is made from the internal ip to ppp0?
> Thanks in advance
> Mike
>

Debian uses exim as the default mail transfer agent. Exim wants to do a
DNS lookup for every email, even mail to root@localhost. You can set up
a local DNS, or install a different MTA, such as postfix.


--
Support Our Oops!
 

insomniux

 
      06-25-2005, 07:46 AM
You're right. The signal must come from the LAN, not from the outer
world. I've tried to catch the signals to ppp0 but without any result.

Therefore I thought about the possibility to block all requests to ppp0
except those which originate from 192.168.0.3, or make iptables
actually start the connection only after a request is received from
192.168.0.3 .

 

Clifford Kite

 
      06-25-2005, 02:38 PM
insomniux <(E-Mail Removed)> wrote:
> You're right. The signal must come from the LAN, not from the outer
> world. I've tried to catch the signals to ppp0 but without any result.


"tcpdump -i ppp0" doesn't work? Maybe I'm not understanding "catch."

> Therefore I thought about the possibility to block all requests to ppp0
> except those which originate from 192.168.0.3, or make iptables
> actually start the connection only after a request is received from
> 192.168.0.3 .


You can use the pppd active-filter option to block some specific
types of traffic ala tcpdump filtering. This must be supported in
the kernel and pppd must also support it. Both of these may need to
be reconfigured and recompiled (for pppd the FILTER option in its
Makefile must be uncommented).

A packet reaching the PPP interface "starts the connection," not iptables.

If you don't care whether 192.168.0.3 can reach the Internet or not then
use "echo 0 > /proc/sys/net/ipv4/ip_forward" to disable IP forwarding.
This would have to be configured in a boot-up file to make it permanent;
which file varies with the Linux distribution used.

--
Clifford Kite Email: "echo xvgr_yvahk-(E-Mail Removed)|rot13"
 

insomniux

 
      06-25-2005, 06:08 PM
I only want packages from 192.168.0.3 to be forwarded to the internet,
but I do NOT want packages which originate from the router itself to
start up the connection.
That is why I am looking for a way to make iptables run a shell
script which sets up the connection. This script will only be started
when the request originates from 192.168.0.3 and if there is not
already a connection present. I just do not know if it is possible to
have iptables run a shellscript.

 

insomniux

 
      06-25-2005, 06:10 PM
No, neither of the packages is active. However, exim is. I will check if
that one is the originator of the connections.
I still am interested to know if it is possible to have iptables run an
'external' command (like a shell script)

 

Bob Hauck

 
      06-25-2005, 06:16 PM
On Sat, 25 Jun 2005 03:06:11 -0400, Bill Marcum
<(E-Mail Removed)> wrote:

> Debian uses exim as the default mail transfer agent. Exim wants to do
> a DNS lookup for every email, even mail to root@localhost. You can
> set up a local DNS, or install a different MTA, such as postfix.


Or adjust the host_lookup line in your exim configuration. For Debian,
you can do this by running "dpkg-reconfigure exim4-config" and answering
the question about minimal DNS in the affirmative.


--
-| Bob Hauck
-| A proud member of the reality-based community.
-| http://www.haucks.org/
 

insomniux

 
      06-25-2005, 09:58 PM
Indeed, exim on my router was starting up the connection sometimes. I
turned it off, but still the connection is activated, though less frequently.

This is the output of `ps ax`. Are there any candidates which could
also activate the connection (I have no self-refreshing webpages, nor
mail-clients or newsreaders active on the router)? BTW the router also
spontaneously connects to the internet when NO clients are connected to
192.168.0.3.

PID TTY STAT TIME COMMAND
1 ? S 0:03 init [2]
2 ? SW 0:00 [keventd]
3 ? SW 0:00 [kapmd]
4 ? SWN 0:00 [ksoftirqd_CPU0]
5 ? SW 0:00 [kswapd]
6 ? SW 0:00 [bdflush]
7 ? SW 0:00 [kupdated]
8 ? SW 0:09 [kjournald]
78 ? SW 0:03 [kjournald]
79 ? SW 0:00 [kjournald]
128 ? SW 0:00 [khubd]
195 ? S 0:00 /sbin/portmap
244 ? S 0:04 /sbin/syslogd
251 ? S 0:00 /sbin/klogd
273 ? S 0:00 /sbin/cardmgr -C config-2.4
281 ? S 0:00 /usr/sbin/rpc.rquotad
300 ? S 0:00 /bin/sh /usr/local/bin/mysqld_safe
--datadir=/home/mysql --pid-file=/var/run/mysqld/mysqld.pid
340 ? S 0:00 /usr/sbin/sshd
358 ? S 0:00 /usr/bin/X11/xfs -daemon
375 ? S 0:00 /sbin/rpc.statd
376 ? S 0:00 /usr/local/libexec/mysqld
--basedir=/usr/local --datadir=/home/mysql --user=mysql
--pid-file=/var/run/mysqld/mysqld.pid --skip-locking --port=3306
--socket=/var/run/mysqld/mysqld.sock
380 ? S 0:00 /usr/sbin/rpc.nfsd
382 ? S 0:00 /usr/sbin/rpc.mountd
389 ? S 0:00 proftpd (accepting connections)
402 ? S 0:20 /usr/sbin/noflushd -n 5 /dev/hdb
415 ? S 0:00 /usr/sbin/atd
433 ? S 0:00 /usr/local/libexec/mysqld
--basedir=/usr/local --datadir=/home/mysql --user=mysql
--pid-file=/var/run/mysqld/mysqld.pid --skip-locking --port=3306
--socket=/var/run/mysqld/mysqld.sock
434 ? S 0:00 /usr/local/libexec/mysqld
--basedir=/usr/local --datadir=/home/mysql --user=mysql
--pid-file=/var/run/mysqld/mysqld.pid --skip-locking --port=3306
--socket=/var/run/mysqld/mysqld.sock
505 ? S 0:00 /usr/sbin/apache
510 ? S 0:00 /usr/sbin/apache
511 ? S 0:00 /usr/sbin/apache
512 ? S 0:00 /usr/sbin/apache
513 ? S 0:00 /usr/sbin/apache
514 ? S 0:00 /usr/sbin/apache-ssl
518 ? S 0:00 /usr/sbin/apache
519 ? S 0:00 /usr/lib/apache-ssl/gcache 33
/var/run/gcache_port
520 ? S 0:00 /usr/sbin/apache-ssl
521 ? S 0:00 /usr/sbin/apache-ssl
522 ? S 0:00 /usr/sbin/apache-ssl
523 ? S 0:00 /usr/sbin/apache-ssl
524 ? S 0:00 /usr/sbin/apache-ssl
574 tty2 S 0:00 /sbin/getty 38400 tty2
575 tty3 S 0:00 /sbin/getty 38400 tty3
576 tty4 S 0:00 /sbin/getty 38400 tty4
577 tty5 S 0:00 /sbin/getty 38400 tty5
578 tty6 S 0:00 /sbin/getty 38400 tty6
583 tty1 S 0:00 /sbin/getty 38400 tty1
4500 ? S 0:00 /usr/sbin/apache
7074 ? S 0:00 /usr/sbin/sshd
7076 ? S 0:00 /usr/sbin/sshd
7077 pts/0 S 0:00 -bash
7078 pts/0 S 0:00 bash
7086 ? S 0:00 /usr/sbin/pppd /dev/ttyS0 115200 user
myispname lock defaultroute crtscts asyncmap 0 demand idle 60 connect
/etc/ppp/dialin
7153 pts/0 R 0:00 ps ax

 
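
Added example, not part of the original thread: one way to tell router-generated packets from LAN-forwarded ones is to log both paths to ppp0 with netfilter and tally the log lines. The log prefixes, function names and sample lines are constructed for this illustration, and the iptables rules in the comments assume a kernel that supports the LOG target with --log-uid.

```shell
#!/bin/sh
# Rules that would produce such lines on the router (run as root; the
# "dial-local: " / "dial-lan: " prefixes are labels chosen for this example):
#   iptables -I OUTPUT  -o ppp0 -j LOG --log-prefix "dial-local: " --log-uid
#   iptables -I FORWARD -o ppp0 -j LOG --log-prefix "dial-lan: "
# OUTPUT sees packets generated on the router itself; FORWARD sees packets
# routed for LAN hosts (before NAT, so SRC is still the LAN address).
# Using -j DROP instead of -j LOG in OUTPUT keeps router-generated packets
# off ppp0 entirely, including while the link is up.

# Constructed sample of kernel log lines (not taken from the thread).
sample_log() {
cat <<'EOF'
Jun 25 22:01:10 router kernel: dial-local: IN= OUT=ppp0 SRC=198.51.100.7 DST=192.0.2.53 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4021 DF PROTO=UDP SPT=1026 DPT=53 LEN=40 UID=102 GID=102
Jun 25 22:04:42 router kernel: dial-local: IN= OUT=ppp0 SRC=198.51.100.7 DST=192.0.2.53 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4188 DF PROTO=UDP SPT=1027 DPT=53 LEN=40 UID=102 GID=102
Jun 25 22:09:03 router kernel: dial-local: IN= OUT=ppp0 SRC=198.51.100.7 DST=192.0.2.53 LEN=58 TOS=0x00 PREC=0x00 TTL=64 ID=4301 DF PROTO=UDP SPT=1028 DPT=53 LEN=38 UID=0 GID=0
Jun 25 22:15:30 router kernel: dial-lan: IN=eth0 OUT=ppp0 SRC=192.168.0.3 DST=203.0.113.80 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=5120 DF PROTO=TCP SPT=1045 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
EOF
}

# Read LOG lines on stdin; print "<count> <origin> <src> <proto>/<dport> uid=<uid>",
# most frequent first. uid is "-" where the kernel logged none (forwarded packets).
summarize_triggers() {
  awk '
    /dial-(local|lan): / {
      origin = ($0 ~ /dial-local: /) ? "router" : "lan"
      src = "-"; proto = "-"; dpt = "-"; uid = "-"
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^SRC=/)   src   = substr($i, 5)
        if ($i ~ /^PROTO=/) proto = substr($i, 7)
        if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
        if ($i ~ /^UID=/)   uid   = substr($i, 5)
      }
      n[origin " " src " " proto "/" dpt " uid=" uid]++
    }
    END { for (k in n) print n[k], k }
  ' | sort -k1,1nr -k2
}

sample_log | summarize_triggers
```

On a live router the function would be fed the kernel log instead of the sample; the uid column can then be matched against /etc/passwd to name the account whose process is dialing.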
 
 
 