Thanks Guy and Paul,
It was a terrible mistake and I see now that what I had in mind
won't work. I forgot the term "and then accept".
Thanks for all your help!
Greetings,
Dennis Ponne
NetHolding BV
-----Original Message-----
From: Guy Davies [mailto:Guy.Davies@telindus.co.uk]
Sent: maandag 14 januari 2002 16:23
To: 'Dennis Ponne'
Cc: 'juniper-nsp@puck.nether.net'
Subject: RE: Juniper router Fails
Hi Dennis,
Did you add the firewall filter Security after you last logged in?
If I'm reading it correctly, it will permit ftp and telnet from a
single source and reject *all* other traffic to the RE. This will
cause no end of problems. You need to add some denies to prevent all
other telnets/ftp getting through and then a default permit.
Something like this should do the trick...
firewall {
    filter Security {
        term 10 {
            from {
                source-address {
                    194.53.244.18/32;
                }
                protocol tcp;
                destination-port [ telnet ftp ];
            }
            then accept;
        }
        term 20 {
            from {
                protocol tcp;
                destination-port [ telnet ftp ];
            }
            then reject;
        }
        term default {
            then accept;
        }
    }
}
You've also got an entry for the broadcast address which is actually
specified as the network address (rather than the broadcast). You
really ought to fix that.
Regards,
Guy
> -----Original Message-----
> From: Dennis Ponne [mailto:dennis@garnierprojects.com]
> Sent: Monday, January 14, 2002 3:09 PM
> To: juniper-nsp@puck.nether.net
> Subject: Juniper router Fails
>
>
> Hello,
>
> I have an M20 backbone router from Juniper and last Saturday I have
> configured the FXP0 and I was able to ping to it. But today when I started
> the router it wouldn't ping on any interface anymore.
>
> I have tried the FastEthernet ports and the gigabit LX interfaces but with
> no success. Does somebody know what this problem is?
>
> Here is my plain and simple configuration:
>
> version 4.0R3.1;
> system {
>     host-name ams01;
>     domain-name netholding.nl;
>     login {
>         class All {
>             permissions all;
>         }
>         user test {
>             uid 2000;
>             class All;
>             authentication {
>                 encrypted-password "$1$V8F2.$mA589tS.yvNbw7S2oOLzh/"; # SECRET-DATA
>             }
>         }
>     }
>     services {
>         telnet connection-limit 8;
>     }
>     syslog {
>         user * {
>             any emergency;
>             any emergency;
>         }
>         file messages {
>             any notice;
>             authorization info;
>         }
>     }
> }
> interfaces {
>     fxp0 {
>         unit 0 {
>             family inet {
>                 address 194.53.244.128/24 {
>                     broadcast 194.53.244.0;
>                     primary;
>                 }
>             }
>         }
>     }
>     lo0 {
>         unit 0 {
>             family inet {
>                 filter {
>                     input Security;
>                 }
>                 address 127.0.0.1/32;
>             }
>         }
>     }
> }
> firewall {
>     filter Security {
>         term 10 {
>             from {
>                 source-address {
>                     194.53.244.18/32;
>                 }
>                 destination-port [ telnet ftp ];
>             }
>             then accept;
>         }
>     }
> }
>
> Thanks in advance,
>
> Dennis Ponne
> NetHolding BV
>
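Added example, not part of the original thread and not Juniper code: a small Python model of first-match term evaluation, showing why the one-term filter on lo0 silently dropped pings to the Routing Engine while the three-term version restricts only telnet/ftp. The `evaluate` function, the tuple layout and the second source address (194.53.244.50) are constructed for illustration; the model assumes that a packet matching no term is discarded.

```python
# Added illustration: a minimal model of first-match filter evaluation.
# Terms are checked in order; a packet that matches no term falls through
# to the implicit discard at the end of the filter (assumption of this model).
from ipaddress import ip_address, ip_network

TELNET, FTP = 23, 21
MGMT_HOST = "194.53.244.18/32"   # permitted source from the thread

# Each term: (name, source prefix or None, protocol or None, ports or None, action)
ORIGINAL = [
    ("10", MGMT_HOST, None, {TELNET, FTP}, "accept"),
]
CORRECTED = [
    ("10", MGMT_HOST, "tcp", {TELNET, FTP}, "accept"),
    ("20", None, "tcp", {TELNET, FTP}, "reject"),
    ("default", None, None, None, "accept"),
]

def evaluate(terms, src, proto, dport=None):
    """Return (term name, action) for the first term the packet matches."""
    for name, prefix, want_proto, ports, action in terms:
        if prefix is not None and ip_address(src) not in ip_network(prefix):
            continue
        if want_proto is not None and proto != want_proto:
            continue
        if ports is not None and dport not in ports:
            continue
        return name, action
    return "implicit", "discard"

# Constructed sample packets addressed to the Routing Engine.
SAMPLES = [
    ("194.53.244.18", "tcp", TELNET),   # telnet from the permitted host
    ("194.53.244.50", "tcp", TELNET),   # telnet from another host (constructed)
    ("194.53.244.50", "icmp", None),    # ping from another host (constructed)
    ("194.53.244.18", "icmp", None),    # ping from the permitted host
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(pkt, "original:", evaluate(ORIGINAL, *pkt),
              "corrected:", evaluate(CORRECTED, *pkt))
```

With the original filter even a ping from the permitted host is discarded, because only telnet/ftp from that host matches term 10 and nothing else is accepted.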