FireWall for WAN

I have the following problem: I need to filter all traffic through a modem.
How can I do it?
Must I hook all send and receive functions for NdisWan or for the
WANMiniPort driver?
Also I want to know how TAPI and RAS work.


You are currently subscribed to ntdev as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com

For w2k and above the solution is an NDIS filter driver. The XP DDK passthru sample
should work for WAN. It is good to understand how RAS works and it is quite
necessary to understand the NDIS_WAN_LINE_* IOCTLs (documented in the DDK). For
NT4 the solution is an NDIS IM driver, but it is much more complicated and has many
undocumented problems. Avoid it if you can.

Best regards,

Michal Vodicka
STMicroelectronics Design and Application s.r.o.
[michal.vodicka@st.com, http:://www.st.com]


From: xxxxx@mail.ru[SMTP:xxxxx@mail.ru]
Reply To: xxxxx@lists.osr.com
Sent: Tuesday, February 05, 2002 12:55 PM
To: xxxxx@lists.osr.com
Subject: [ntdev] FireWall for WAN


Hello Michal!
I want to know the following things:
How can an application on one host connect to another over the WAN?
Through TAPI?
And how does RAS work when something wants to connect to the LAN from the WAN? I think it can work this way: RAS, through TAPI, detects
when something wants to connect; after this RAS sets up the router (for
example for the IP protocol) and after this all traffic goes through NDISWAN
and MSTCP... Is it true?

                 RAS
                  |
 Transport       TAPI
    |1            |
    |             |
 NdisWan ------ NdisTapi
    |
    |2
 WanMiniPort

So my firewall must intercept traffic at link 1 or 2?



Hello

I think this would be good reading for you:
http://www.ntndis.com/articles/firewalleng.htm . The reviewed NDIS-hooking
approach covers filtering WAN for all Windows versions (from 95 to XP).
You will also find a review of other approaches...

BR,
Vadim

http://www.ntndis.com

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of hello
Sent: Wednesday, February 06, 2002 10:34 AM
To: NT Developers Interest List
Subject: [ntdev] RE: FireWall for WAN


To be honest I don't know too much about TAPI (or maybe I know but don't know
it is TAPI :). It should be covered in the Platform SDK docs. What I know is
that some service (RasMan or another) sends IOCTLs to NdisWan to control WAN
lines. For a firewall (w2k and above) it isn't necessary to know. You should
intercept traffic between NdisWan and TcpIp (the WanArp driver), 1 in your
picture. 2 should work as well, but there can be more WAN miniports, which
makes things more complicated. The NDIS filter driver is informed about traffic
on RAS lines using the NDIS_WAN_LINE* IOCTLs.

Best regards,

Michal Vodicka
STMicroelectronics Design and Application s.r.o.
[michal.vodicka@st.com, http:://www.st.com]


From: xxxxx@mail.ru[SMTP:xxxxx@mail.ru]
Reply To: xxxxx@lists.osr.com
Sent: Wednesday, February 06, 2002 8:33 AM
To: xxxxx@lists.osr.com
Subject: [ntdev] RE: FireWall for WAN

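The two replies above (the NDIS filter driver for w2k and above, and the advice to intercept at link 1 between NdisWan and WanArp, with the NDIS_WAN_LINE* indications telling the filter which RAS lines exist) come down to a small amount of state and a per-packet decision. The following is an added example in user-mode C, not code from this thread, from the DDK passthru sample or from any NDIS driver: the LINE_UP/LINE_DOWN indications and NDIS packet descriptors are replaced by plain function calls and byte buffers, and the structure fields, link handles, addresses and the allowed inbound port list are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define MAX_LINKS 8
#define IP4(a, b, c, d) (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | \
                         ((uint32_t)(c) << 8) | (uint32_t)(d))

typedef enum { DIR_SEND = 0, DIR_RECV = 1 } direction_t;
typedef enum { VERDICT_DROP = 0, VERDICT_PASS = 1 } verdict_t;

/* Per-line state. A real filter fills this from the LINE_UP indication
 * (link handle plus negotiated addresses); the field names are assumptions. */
typedef struct {
    uintptr_t handle;
    uint32_t  local_ip;    /* host byte order */
    uint32_t  remote_ip;
    int       in_use;
} wan_link_t;

static wan_link_t g_links[MAX_LINKS];

static wan_link_t *find_link(uintptr_t handle)
{
    for (int i = 0; i < MAX_LINKS; i++)
        if (g_links[i].in_use && g_links[i].handle == handle) return &g_links[i];
    return NULL;
}

/* LINE_UP: remember the line; refuse duplicate handles and table overflow. */
int wan_line_up(uintptr_t handle, uint32_t local_ip, uint32_t remote_ip)
{
    if (find_link(handle)) return -1;
    for (int i = 0; i < MAX_LINKS; i++)
        if (!g_links[i].in_use) {
            g_links[i] = (wan_link_t){ handle, local_ip, remote_ip, 1 };
            return 0;
        }
    return -1;
}

/* LINE_DOWN: forget the line; anything arriving on it afterwards is dropped. */
int wan_line_down(uintptr_t handle)
{
    wan_link_t *l = find_link(handle);
    if (!l) return -1;
    l->in_use = 0;
    return 0;
}

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Inbound TCP connection attempts are accepted only on these ports (assumed policy). */
static const uint16_t inbound_ports[] = { 22, 443 };

/* The per-packet decision taken at link 1, on the IPv4 traffic NdisWanIp carries. */
verdict_t wan_filter(uintptr_t handle, direction_t dir, const uint8_t *pkt, size_t len)
{
    const wan_link_t *link = find_link(handle);
    if (!link || len < 20 || (pkt[0] >> 4) != 4) return VERDICT_DROP;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    uint16_t total = rd16(pkt + 2);
    if (ihl < 20 || ihl > len || total < ihl || total > len) return VERDICT_DROP;
    uint32_t src = rd32(pkt + 12), dst = rd32(pkt + 16);

    if (dir == DIR_SEND)                       /* only our own address may leave this line */
        return src == link->local_ip ? VERDICT_PASS : VERDICT_DROP;

    if (src == link->local_ip || dst != link->local_ip) return VERDICT_DROP; /* spoof / not for us */
    if (pkt[9] == 6) {                         /* TCP */
        if (len < ihl + 14) return VERDICT_DROP;   /* flags byte not present */
        const uint8_t *tcp = pkt + ihl;
        if ((tcp[13] & 0x12) == 0x02) {            /* SYN without ACK: new inbound connection */
            uint16_t dport = rd16(tcp + 2);
            for (size_t i = 0; i < sizeof inbound_ports / sizeof inbound_ports[0]; i++)
                if (dport == inbound_ports[i]) return VERDICT_PASS;
            return VERDICT_DROP;
        }
    }
    return VERDICT_PASS;
}

/* Constructed 40-byte IPv4+TCP packet (no options, checksums left zero) for tests. */
static size_t build_tcp(uint8_t *b, uint32_t src, uint32_t dst,
                        uint16_t sport, uint16_t dport, uint8_t flags)
{
    memset(b, 0, 40);
    b[0] = 0x45; b[3] = 40; b[8] = 64; b[9] = 6;
    b[12] = src >> 24; b[13] = src >> 16; b[14] = src >> 8; b[15] = src;
    b[16] = dst >> 24; b[17] = dst >> 16; b[18] = dst >> 8; b[19] = dst;
    b[20] = sport >> 8; b[21] = sport; b[22] = dport >> 8; b[23] = dport;
    b[32] = 0x50; b[33] = flags; b[34] = 0xff; b[35] = 0xff;
    return 40;
}

verdict_t check_tcp(uintptr_t handle, direction_t dir, uint32_t src, uint32_t dst,
                    uint16_t sport, uint16_t dport, uint8_t flags)
{
    uint8_t buf[40];
    return wan_filter(handle, dir, buf, build_tcp(buf, src, dst, sport, dport, flags));
}

verdict_t check_truncated(uintptr_t handle)      /* only 10 of 40 bytes delivered */
{
    uint8_t buf[40];
    build_tcp(buf, IP4(198, 51, 100, 7), IP4(10, 0, 0, 2), 40000, 443, 0x02);
    return wan_filter(handle, DIR_RECV, buf, 10);
}

int main(void)
{
    uintptr_t h = 0x1001;                       /* assumed link handle */
    wan_line_up(h, IP4(10, 0, 0, 2), IP4(10, 0, 0, 1));
    printf("inbound SYN to 443: %s\n",
           check_tcp(h, DIR_RECV, IP4(198, 51, 100, 7), IP4(10, 0, 0, 2), 40000, 443, 0x02) ? "pass" : "drop");
    printf("inbound SYN to 23:  %s\n",
           check_tcp(h, DIR_RECV, IP4(198, 51, 100, 7), IP4(10, 0, 0, 2), 40000, 23, 0x02) ? "pass" : "drop");
    wan_line_down(h);
    return 0;
}
```

The reason link 1 is the comfortable place shows in the table: a packet on a handle that never saw LINE_UP, or that arrives after LINE_DOWN, is dropped outright, and the per-line local address lets the filter reject spoofed sources on each RAS line independently, which is exactly what becomes awkward below NdisWan when several WAN miniports are in play.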

I found that NdisWan creates 3 devices (on win2000): NdisWan,
NdisWanIp and NdisWanBh...
As far as I understand I must hook NdisWanIp for WanArp...
but I have a question: what does NdisWan create the other 2 devices for?

And how do these things change in Win NT 4.0...
Thanks...



> ----------

From: xxxxx@mail.ru[SMTP:xxxxx@mail.ru]
Reply To: xxxxx@lists.osr.com
Sent: Thursday, February 07, 2002 8:28 AM
To: xxxxx@lists.osr.com
Subject: [ntdev] FireWall for WAN

> I found that NdisWan creates 3 devices (on win2000): NdisWan,
> NdisWanIp and NdisWanBh...
> As far as I understand I must hook NdisWanIp for WanArp...
> but I have a question: what does NdisWan create the other 2 devices for?

The NdisWan device is for user mode services to control RAS dial in/out via
IOCTLs. NdisWanBh is the adapter for NetMon (BloodHound). There can be even more
adapters depending on your installation: NdisWanIpx, NdisWanNbf (see the system
INF files).

> And how do these things change in Win NT 4.0...

Believe me, you don't want to know it :wink: If you really want to, you need a
good disassembler, a debugger and several months.

Best regards,

Michal Vodicka
STMicroelectronics Design and Application s.r.o.
[michal.vodicka@st.com, http:://www.st.com]



This dovetails with a problem I have.

My employer has a legacy serial network. It reserves the 8th bit for network
controls and reserves a couple of the ASCII control characters for control
purposes. So it doesn’t provide an 8 bit clean path, not even a 7 bit clean
path.

It would be useful to be able to run a Windows PPP connection over this net.
This means I need to insert a driver into the picture below that will take a
PPP packet expressed in 8 bit characters and recode it to fit into this
network. And take received packets in the network format and recode them
into 8 bit PPP packets.

Where should this component go and what do I have to do to install it?

And, since it would have to support all existing Windows versions, how many
versions of this component do I need?

Thanks,
++PLS

-----Original Message-----
From: Michal Vodicka [mailto:xxxxx@veridicom.cz.nospam]
Sent: Wednesday, February 06, 2002 5:00 PM
To: NT Developers Interest List
Subject: [ntdev] RE: FireWall for WAN


Such a driver has to sit below NdisWan, so 2 in the picture. Maybe it would
be sufficient to write a filter for the NdisWan -> serial WAN miniport connection.
I'm not sure if it is possible to write an NDIS filter driver for this purpose;
it is possible to write an NDIS IM driver. The next possibility is a special
WAN miniport.

As for OS versions, one driver should be enough for w2k and XP (and maybe
NT4) and probably also for w98 and above. As an example of a similar project
which contains many interesting details in its history and known issues sections
see RASPPPOE: http://user.cs.tu-berlin.de/~normanb/

Best regards,

Michal Vodicka
STMicroelectronics Design and Application s.r.o.
[michal.vodicka@st.com, http:://www.st.com]


From:
xxxxx@ticketmaster.com[SMTP:xxxxx@ticketmaster.com]
Reply To: xxxxx@lists.osr.com
Sent: Friday, February 08, 2002 12:38 AM
To: xxxxx@lists.osr.com
Subject: [ntdev] RE: FireWall for WAN

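The recoding step ++PLS describes, 8-bit PPP bytes onto a path that keeps bit 7 for itself and will not pass some ASCII control characters, is what the component sitting at link 2 would have to do in both directions. The following is an added example in C written for this thread; it is not code from the thread, from RASPPPOE or from any WAN miniport. It packs the frame into 7-bit symbols (7 bytes become 8 symbols) and then applies PPP-style escaping (ESC followed by the symbol XOR 0x20) to anything the network would eat; the escape byte, the reserved set (every ASCII control character here, which covers XON/XOFF and whatever the legacy net actually uses) and the sample frame are assumptions for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define ESC  0x7D   /* same escape byte PPP uses on async links (assumed reusable here) */
#define FLAG 0x7E   /* frame delimiter on the wire */

/* Symbols the legacy network will not pass untouched. Assumed for this example:
 * every ASCII control character, plus our own ESC and FLAG. Bit 7 is never used. */
static int reserved(uint8_t sym) { return sym < 0x20 || sym == ESC || sym == FLAG; }

/* Encode one 8-bit PPP frame: pack bits MSB-first into 7-bit symbols, escape
 * reserved symbols as ESC, sym^0x20, delimit with FLAG. Returns bytes written,
 * 0 if the output buffer is too small. */
size_t wan7_encode(const uint8_t *in, size_t n, uint8_t *out, size_t cap)
{
    uint32_t acc = 0;
    int bits = 0;
    size_t o = 0;

    if (cap < 2) return 0;
    out[o++] = FLAG;
    for (size_t i = 0; i <= n; i++) {
        if (i < n)          { acc = (acc << 8) | in[i]; bits += 8; }
        else if (bits > 0)  { acc <<= 7 - bits; bits = 7; }      /* zero-pad the last symbol */
        while (bits >= 7) {
            uint8_t sym = (acc >> (bits - 7)) & 0x7F;
            bits -= 7;
            if (reserved(sym)) {
                if (o + 2 > cap - 1) return 0;
                out[o++] = ESC;
                out[o++] = sym ^ 0x20;       /* lands in 0x20..0x5F, never reserved */
            } else {
                if (o + 1 > cap - 1) return 0;
                out[o++] = sym;
            }
        }
    }
    out[o++] = FLAG;
    return o;
}

/* Decode one complete wire frame back to 8-bit bytes. Returns bytes written, 0 on
 * any framing error: bad delimiters, bit 7 set, reserved byte arriving unescaped,
 * ESC right before the closing FLAG, or non-zero padding bits. */
size_t wan7_decode(const uint8_t *in, size_t n, uint8_t *out, size_t cap)
{
    uint32_t acc = 0;
    int bits = 0;
    size_t o = 0;

    if (n < 2 || in[0] != FLAG || in[n - 1] != FLAG) return 0;
    for (size_t i = 1; i + 1 < n; i++) {
        uint8_t sym = in[i];
        if (sym & 0x80) return 0;               /* bit 7 belongs to the network */
        if (sym == ESC) {
            if (i + 2 >= n) return 0;            /* dangling escape */
            uint8_t e = in[++i];
            if (e & 0x80) return 0;
            sym = e ^ 0x20;
        } else if (reserved(sym)) {
            return 0;                            /* should have been escaped */
        }
        acc = (acc << 7) | sym;
        bits += 7;
        if (bits >= 8) {
            if (o >= cap) return 0;
            out[o++] = (acc >> (bits - 8)) & 0xFF;
            bits -= 8;
        }
    }
    if (acc & ((1u << bits) - 1)) return 0;     /* padding must be zero */
    return o;
}

/* Constructed sample: an LCP-like PPP header followed by the bytes that would
 * break a 7-bit, control-character-filtered path. */
static const uint8_t sample[] = { 0xFF, 0x03, 0xC0, 0x21, 0x01, 0x01, 0x00, 0x04,
                                  0x7E, 0x7D, 0x11, 0x13, 0x80, 0x00 };

size_t demo_wire_len(void)
{
    uint8_t wire[64];
    return wan7_encode(sample, sizeof sample, wire, sizeof wire);
}

/* 1 if every wire byte between the flags is safe and the sample survives the round trip. */
int demo_roundtrip(void)
{
    uint8_t wire[64], back[32];
    size_t w = wan7_encode(sample, sizeof sample, wire, sizeof wire);
    if (w == 0) return 0;
    for (size_t i = 1; i + 1 < w; i++)
        if ((wire[i] & 0x80) || (reserved(wire[i]) && wire[i] != ESC)) return 0;
    size_t b = wan7_decode(wire, w, back, sizeof back);
    return b == sizeof sample && memcmp(back, sample, b) == 0;
}

/* 1 if a frame carrying a raw byte with bit 7 set is rejected instead of passed up. */
int demo_rejects_8bit(void)
{
    uint8_t bad[] = { FLAG, 0x41, 0x80, 0x42, FLAG }, out[8];
    return wan7_decode(bad, sizeof bad, out, sizeof out) == 0;
}

int main(void)
{
    printf("%zu frame bytes -> %zu wire bytes, round trip %s\n",
           sizeof sample, demo_wire_len(), demo_roundtrip() ? "ok" : "FAILED");
    return 0;
}
```

The decoder is deliberately strict: a byte with bit 7 set, an unescaped control character or a dangling escape can only come from line noise or from something on the wire that is not our encoder, and since this component hands its output straight to NdisWan and the PPP state machine, a damaged frame is better dropped here than interpreted as a valid LCP or IPCP packet. The 7-bit packing costs one extra symbol per seven bytes before escaping, which is the price of losing bit 7 to the network.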