Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!mailrus!cs.utexas.edu!uunet!munnari.oz.au!csc!ccadfa!usage!troy@mr_plod.cbme.unsw.oz
From: troy@mr_plod.cbme.unsw.oz (Troy Rollo)
Newsgroups: comp.unix.wizards
Subject: Re: How do I set up an insulating gateway?
Message-ID: <459@usage.csd.unsw.oz>
Date: 9 Oct 89 02:08:30 GMT
References: <29942@watmath.waterloo.edu>
Sender: news@usage.csd.unsw.oz
Reply-To: troy@mr_plod.cbme.unsw.oz
Lines: 24

From article <29942@watmath.waterloo.edu>, by gamiddleton@watmath.waterloo.edu (Guy Middleton):
gamiddleton> If I have a 4.3bsd (or 4.3-tahoe) machine with two IP interfaces, is there any
gamiddleton> way to prevent packets from one net reaching the other? I want the machine to
gamiddleton> be able to talk to either net, but nobody else should be able to use it as an
gamiddleton> IP gateway. I can't think of any obvious way of doing this.

All you have to do is "gag" routed. That is, invoke routed with the "-q" flag.
This prevents the gateway from telling anybody else about the networks it
knows about. This is how routed is invoked on my machine:

	routed -h -f -q

You have to be careful when you do this (presumably it is because one of your
nets is using a non-NIC registered network number), because there will always
be one network in the world you won't be able to communicate with as a result
of this. In my case it's 192.0.2 (would the real 192.0.2 please stand up?)

Note also that you will need to set up the name server on the gateway node,
so that local machines can figure out the names of other local machines, as
well as remote machines. This will not interfere with the rest of the network
as long as you don't have a name server in a higher domain directing queries
to you.
___________________________________________________________
troy@mr_plod.cbme.unsw.oz.au	Make our greenies useful!
The Resident Fascist		Put them in the army!