Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!watmath!clyde!burl!ulysses!mhuxl!houxm!hogpc!houti!ariel!vax135!cornell!uw-beaver!tektronix!hplabs!sri-unix!drockwel@CSNET-SH.ARPA
From: drockwel@CSNET-SH.ARPA@sri-unix.UUCP
Newsgroups: net.unix
Subject: Re: 4.2bsd gatewaying
Message-ID: <13011@sri-arpa.UUCP>
Date: Thu, 30-Aug-84 13:58:23 EDT
Article-I.D.: sri-arpa.13011
Posted: Thu Aug 30 13:58:23 1984
Date-Received: Sat, 1-Sep-84 12:27:42 EDT
Lines: 58

From: Dennis Rockwell

    From: stanonik@nprdc
    Subject: 4.2bsd gatewaying
    Date: 29 August 1984 1347-PDT (Wednesday)

    We're thinking about running rick@seismo's serial line ip code
    to a machine, sdcsla, at a local university, ucsd. Our aim is
    to communicate with sdcsla, but not to gateway between ucsd's
    relatively large local network and the milnet. (sdcsla is on
    ucsd's local network and we're on the milnet). My reasoning,
    or lack thereof, runs as follows.

    1) 4.2bsd assumes packets should be forwarded between network
    interfaces; i.e., packets will be forwarded between ucsd's local
    network and the milnet, given the appropriate routing
    information.

There is a flag (ipforwarding) that you can set to 0 to prevent packet
forwarding. You can either change it in your source, or run an adb
script from rc.local to turn off the forwarding. Packets which would
have been forwarded are then answered with an ICMP UNREACHABLE message.

    2) routed on our machine will inform sdcsla that we are a
    gateway to the milnet, and routed on sdcsla will in turn inform
    every machine on ucsd's local network.

Don't run routed unless you have to (for a local net, perhaps). In any
case, turning off forwarding will stop the traffic.

    3) egp (kirton@usc-isif's egp) on our machine will inform every
    machine on the milnet that we are a gateway to ucsd's local
    network.

Why are you running EGP if you don't want to be a gateway?
If you run it because you want to keep your routes up to date, then you
should use the "egpnetsreachable" config command (in the file etc-egp)
to restrict the nets that are advertised by EGP. If you are a gateway
between MILNET and some local net you don't mention in your message,
then you will have to hack ip_forward in netinet/ip_input.c to exclude
the point-to-point net plus all the nets behind sdcsla.

    4) Has anyone else had to deal with keeping networks disjoint,
    both speaking IP? Any ideas on controlling 4.2bsd packet
    forwarding, or routed/egp routing information?

In addition to the above, we (CSNET) have to restrict our non-domestic
X.25 sites from sending or receiving packets from the Internet. The
solution in this case is (unfortunately) to hack ip_forward as
mentioned above.

    Thanks,

    Ron Stanonik
    stanonik@nprdc

Good luck! Let me know what you finally do.

Dennis Rockwell
CSNET Technical Staff
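
Added example, not part of the original post and not 4.2BSD source: a stand-alone C model of the two controls discussed in the message, a global forwarding flag and a per-network exclusion applied to both source and destination. The function names, the verdict enum, the choice to classify by classful network number, and the sample addresses are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define IP(a,b,c,d) (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | \
                     ((uint32_t)(c) << 8) | (uint32_t)(d))

enum verdict { FORWARD, UNREACHABLE };   /* hypothetical names */

/* Classful network number (pre-CIDR): class A /8, class B /16, else /24. */
uint32_t classful_net(uint32_t addr)
{
    if ((addr & 0x80000000u) == 0)           return addr & 0xff000000u;
    if ((addr & 0xc0000000u) == 0x80000000u) return addr & 0xffff0000u;
    return addr & 0xffffff00u;
}

static int net_listed(uint32_t addr, const uint32_t *nets, size_t n)
{
    uint32_t net = classful_net(addr);
    for (size_t i = 0; i < n; i++)
        if (nets[i] == net)
            return 1;
    return 0;
}

/* Verdict for a transit packet, i.e. one not addressed to this host.
 * forwarding models the ipforwarding flag; excluded[] holds the nets
 * that must never send or receive through this gateway. */
enum verdict transit_verdict(int forwarding, uint32_t src, uint32_t dst,
                             const uint32_t *excluded, size_t n)
{
    if (!forwarding)
        return UNREACHABLE;               /* flag off: nothing is relayed */
    if (net_listed(src, excluded, n) || net_listed(dst, excluded, n))
        return UNREACHABLE;               /* filtered in both directions */
    return FORWARD;
}

int main(void)
{
    /* Constructed sample nets, not the sites' real addresses. */
    const uint32_t excluded[] = { IP(192,0,2,0), IP(128,66,0,0) };
    uint32_t a = IP(10,1,2,3), b = IP(192,0,2,55);
    printf("flag off: %d\n", transit_verdict(0, a, IP(26,0,0,1), excluded, 2));
    printf("allowed:  %d\n", transit_verdict(1, a, IP(26,0,0,1), excluded, 2));
    printf("excluded: %d\n", transit_verdict(1, a, b, excluded, 2));
    return 0;
}
```

Checking the source address as well as the destination is what keeps an excluded net from sending through the gateway, not only from receiving.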