Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!rutgers!iuvax!watmath!gamiddleton
From: gamiddleton@watmath.waterloo.edu (Guy Middleton)
Newsgroups: comp.unix.wizards
Subject: Re: How do I set up an insulating gateway?
Message-ID: <30500@watmath.waterloo.edu>
Date: 19 Oct 89 14:57:38 GMT
References: <29942@watmath.waterloo.edu> <459@usage.csd.unsw.oz> <10051@ucsd.Edu> <20149@mimsy.UUCP> <20158@mimsy.UUCP>
Reply-To: gamiddleton@watmath.waterloo.edu (Guy Middleton)
Organization: University of Waterloo [MFCF/ICR]
Lines: 28

In article <20158@mimsy.UUCP> chris@mimsy.UUCP (Chris Torek) writes:
| In article <20149@mimsy.UUCP> I wrote:
| >>Or compile the kernel with the "ipforwarding" variable turned off, eh? 
| 
| >Then it would not be a gateway.
| 
| What I missed was this (from the original article):
| 
| >If I have a 4.3bsd (or 4.3-tahoe) machine with two IP interfaces, is
| >there any way to prevent packets from one net reaching the other?  I
| >want the machine to be able to talk to either net, but nobody else
| 							------
| >should be able to use it as an IP gateway.  I can't think of any
| >obvious way of doing this.
| 
| Such a machine is not a gateway, merely a multi-homed host.  Turning
| off ipforwarding would do it.

It seems I should have been more explicit in my original query.  The machine
really is on three nets, and I only want to isolate one of them.  I mentioned
only two, for simplicity.  Had I remembered the kernel ipforwarding variable,
I would have been more explicit.  Chris's fix is actually what I was looking
for.

Thanks everybody else for reminding me about ipforwarding.

 -Guy Middleton, University of Waterloo		gamiddleton@watmath.waterloo.edu
		(+1 519 885 1211 x3472)		gamiddleton@watmath.uwaterloo.ca