How do I set up an insulating gateway?

Sat Oct 14 04:24:03 AEST 1989

In article <20149 at mimsy.UUCP> I wrote:
>>Or compile the kernel with the "ipforwarding" variable turned off, eh? 

>Then it would not be a gateway.

What I missed was this (from the original article):

>If I have a 4.3bsd (or 4.3-tahoe) machine with two IP interfaces, is
>there any way to prevent packets from one net reaching the other?  I
>want the machine to be able to talk to either net, but nobody else
							------
>should be able to use it as an IP gateway.  I can't think of any
>obvious way of doing this.

Such a machine is not a gateway, merely a multi-homed host.  Turning
off ipforwarding would do it.

A more useful trick is to allow `friends' to get to either net from
the other, but not to allow the rest of the world; for this, one needs
a kernel hack.
-- 
In-Real-Life: Chris Torek, Univ of MD Comp Sci Dept (+1 301 454 7163)
Domain:	chris at cs.umd.edu	Path:	uunet!mimsy!chris