Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!purdue!haven!mimsy!chris
From: chris@mimsy.UUCP (Chris Torek)
Newsgroups: comp.unix.wizards
Subject: Re: How do I set up an insulating gateway?
Message-ID: <20158@mimsy.UUCP>
Date: 13 Oct 89 18:24:03 GMT
References: <29942@watmath.waterloo.edu> <459@usage.csd.unsw.oz> <10051@ucsd.Edu> <20149@mimsy.UUCP>
Organization: U of Maryland, Dept. of Computer Science, Coll. Pk., MD 20742
Lines: 23

In article <20149@mimsy.UUCP> I wrote:
>>Or compile the kernel with the "ipforwarding" variable turned off, eh?

>Then it would not be a gateway.

What I missed was this (from the original article):

>If I have a 4.3bsd (or 4.3-tahoe) machine with two IP interfaces, is
>there any way to prevent packets from one net reaching the other? I
>want the machine to be able to talk to either net, but nobody else
------
>should be able to use it as an IP gateway. I can't think of any
>obvious way of doing this.

Such a machine is not a gateway, merely a multi-homed host. Turning
off ipforwarding would do it.

A more useful trick is to allow `friends' to get to either net from
the other, but not to allow the rest of the world; for this, one needs
a kernel hack.
-- 
In-Real-Life: Chris Torek, Univ of MD Comp Sci Dept (+1 301 454 7163)
Domain: chris@cs.umd.edu Path: uunet!mimsy!chris
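
Added example, not part of the post above and not 4.3BSD kernel code: a user-space C model of the three behaviours the post distinguishes (forwarding off, forwarding on, forwarding for `friends' only). The FWD_FRIENDS mode, the choice to match a friend as either source or destination so that replies also pass, and all addresses are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define IP(a, b, c, d) \
    (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | ((uint32_t)(c) << 8) | (uint32_t)(d))

enum verdict { DELIVER_LOCAL, FORWARD, DROP };
/* FWD_OFF / FWD_ALL model ipforwarding off / on; FWD_FRIENDS is hypothetical. */
enum fwd_mode { FWD_OFF, FWD_ALL, FWD_FRIENDS };

struct net { uint32_t addr, mask; };    /* prefix, host byte order */

/* Constructed sample data (documentation address ranges). */
static const struct net OWN[] = {       /* the host's two interface addresses */
    { IP(192, 0, 2, 1),    0xffffffffu },
    { IP(198, 51, 100, 1), 0xffffffffu },
};
static const struct net FRIENDS[] = {   /* one trusted host on the first net */
    { IP(192, 0, 2, 10), 0xffffffffu },
};

static int in_list(uint32_t ip, const struct net *l, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if ((ip & l[i].mask) == l[i].addr)
            return 1;
    return 0;
}

/* Decide what to do with a packet received on either interface. */
enum verdict ip_input_verdict(uint32_t src, uint32_t dst, enum fwd_mode mode)
{
    size_t n_own = sizeof OWN / sizeof OWN[0], n_fr = sizeof FRIENDS / sizeof FRIENDS[0];

    if (in_list(dst, OWN, n_own))
        return DELIVER_LOCAL;           /* the host itself talks to both nets */
    if (mode == FWD_OFF)
        return DROP;                    /* multi-homed host, not a gateway */
    if (mode == FWD_FRIENDS && !in_list(src, FRIENDS, n_fr) && !in_list(dst, FRIENDS, n_fr))
        return DROP;                    /* transit only to or from a friend */
    return FORWARD;
}

int main(void)
{
    uint32_t pal = IP(192, 0, 2, 10), other = IP(192, 0, 2, 77), far = IP(198, 51, 100, 9);
    printf("off, transit:      %d\n", ip_input_verdict(other, far, FWD_OFF));
    printf("friends, stranger: %d\n", ip_input_verdict(other, far, FWD_FRIENDS));
    printf("friends, friend:   %d\n", ip_input_verdict(pal, far, FWD_FRIENDS));
    return 0;
}
```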