Dial-on-Demand Connection Does Not Stop

Support knowledgebase (fhassel_ppp_filtering)
Applies to

SuSE Linux: Versions since 7.2

Symptom

You have configured dial-on-demand for your Internet dial-up connection. However,the connection does not stop automatically or, if it does, only after a long time, even though no connection is started from your computer during the defined idle time.

Cause

Your IP address was previously assigned to a participant in some of the more and more common peer-to-peer file sharing sites. When this user type closes such a program or changes his IP address, the queries from the peer-to-peer network are still being sent to the original IP address after some hours. If you have been assigned one of these IP addresses, the PPP service does not close the connection due to the long-lasting effect of this network activity.

Solution

A solution is available for services using pppd (modem, ADSL), but not for ISDN connections where ipppd is used.

The solution consists of making the ppp daemon filter unrequested connections. In this way, these connections no longer affect the idle time.

Requirements for this solution are that the kernel option 'PPP filtering' is activated (which is the case from SuSE Linux version 7.2 on) and that the package pppd has been compiled with this option. This is the default case since SuSE Linux 8.1.

For SuSE versions from 7.2 to 8.0, an update package can be installed. For this purpose, download the package pppd.rpm from our FTP server. The distribution folders can be found under ftp://ftp.suse.com/pub/suse/i386/update/ on our FTP server. The current package pppd.rpm is available in the respective subdirectory n1.

Install it by entering a command similar to the following one in a root shell (adapt the path and version number):

rpm -Uhv /tmp/ppp-2.4.0-93.i386.rpm
Edit the file /etc/ppp/options with an editor of your choice and insert the following option (in a single line):
active-filter 'outbound and not icmp[0] == 3 and not tcp[13] & 4 != 0'
The syntax resembles that of tcpdump, a network traffic analysis tool. For information, refer to man tcpdump.

Restart pppd or reboot your system to apply the changes. Unrequested incoming packets will no longer have any effect on the idle time.

In case of problems ("parse error") in old SuSE versions, you might need to install a current libpcap package.

SuSE Linux AG cannot guarantee a total security and will not assume any liability for this procedure. In addition, note that this procedure and any problems derived from it exceed the scope of the free-of-charge installation support.

Final remark: This author of this solution is Jürgen Schmidt, who presented it in his article "Gut aufgelegt" in the German computer magazine c't magazin, number 2/2003.


Keywords: PPPD, FILTERING, DIAL, ON, DEMAND, DOD, ACTIVE FILTER, MODEM, TDSL

Categories: PPP

SDB-fhassel_ppp_filtering, Copyright SuSE Linux AG, Nürnberg, Germany - Version: 03. Mar 2003
SuSE Linux AG - Last generated: 25. Jun 2003 by afaber (sdb_gen 1.40.0)