Path: utzoo!utgpu!news-server.csri.toronto.edu!mailrus!tut.cis.ohio-state.edu!pt.cs.cmu.edu!vi.ri.cmu.edu!nash
From: nash@vi.ri.cmu.edu (Richard Nash)
Newsgroups: comp.protocols.tcp-ip.ibmpc
Subject: Help using ka9q to protect sources
Message-ID: <10560@pt.cs.cmu.edu>
Date: 25 Sep 90 12:15:02 GMT
Organization: Carnegie-Mellon University, CS/RI
Lines: 30

Distribution: usa
Organization: Carnegie-Mellon University, CS/RI

My company has just recieved our connection to the internet. We are very
concerned about securing our business information and source code from
outside reading and it is felt that the best way to do this is to seperate
ourselves into two nets. Secure and open...

So I have two questions...

1> Is it possible to further subclass a Class-C address. Can I have my
   netmask be 255.255.255.192 so that I have 2 bits of network info and
   6 bits to specify the hosts? If so, I do I configure the ka9q net.exe
   program to route between my internal networks?

2> Can I have the route between the secure and open networks simply disallow
   any traffic except relatively inoccuous things like mail? Does the ka9q
   package allow me to do this?

   I have set up the ka9q package and got it to accept both cards through
   the attach command. I can ftp from the router PC to either side of the 
   network, but I can't seem to get through the router. From one side to
   the other. Can anyone help?

Rich Nash
nash@vi.ri.cmu.edu
-- 

Richard V. Nash
nash@vi.ri.cmu.edu