How do I set up an insulating gateway?

Troy Rollo troy at mr_plod.cbme.unsw.oz
Mon Oct 9 12:08:30 AEST 1989


From article <29942 at watmath.waterloo.edu>, by gamiddleton at watmath.waterloo.edu (Guy Middleton):
gamiddleton> If I have a 4.3bsd (or 4.3-tahoe) machine with two IP interfaces, is there any
gamiddleton> way to prevent packets from one net reaching the other?  I want the machine to
gamiddleton> be able to talk to either net, but nobody else should be able to use it as an
gamiddleton> IP gateway.  I can't think of any obvious way of doing this.

All you have to do is "gag" routed. That is, invoke routed with the "-q" flag.
This prevents the gateway from telling anybody else about the networks it knows about.
This is how routed is invoked on my machine:

routed -h -f -q

You have to be careful when you do this (presumably it is because one of your nets is
using a non-NIC registered network number), because there will always be one network
in the world you won't be able to communicate with as a result of this. In my case it's
192.0.2 (would the real 192.0.2 please stand up?)

Note also that you will need to set up the name server on the gateway node,
so that local machines can figure out the names of other local machines, as well as
remote machines. This will not interfere with the rest of the network as long as you
don't have a name server in a higher domain directing queries to you.
___________________________________________________________
troy at mr_plod.cbme.unsw.oz.au	Make our greenies useful!
The Resident Fascist		Put them in the army!


