Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!tut.cis.ohio-state.edu!ucbvax!CHUMLEY.TN.CORNELL.EDU!swb
From: swb@CHUMLEY.TN.CORNELL.EDU
Newsgroups: comp.sys.proteon
Subject: Customized filters
Message-ID: <8902272204.AA00393@dainichi.tn.cornell.edu>
Date: 27 Feb 89 22:04:35 GMT
Sender: daemon@ucbvax.BERKELEY.EDU
Organization: The Internet
Lines: 18

Folks, I have a special request.  Before I start asking Marketing about
prices and such, I'd like to know how Engineering feels about doing it,
and if perhaps you have any clever suggestions for how to turn my
problem into a non-problem.

Basically, we have a user department at Cornell who is now very
security conscious.  They would like to replace their 750 with a p4200
(with 2-3 ethernet interfaces and one Pronet-10 interface), but they
want to be sure that no NFS traffic can go in and out through one of
those ethernet interfaces.  What I'm looking for, then, is essentially
IP forwarding **and simultaneously** the sort of "if byte 14 is 0xD7
and byte 23 is 0x7B then throw the packet out" sort of filtering that a
good MAC-level bridge can do.  We would like to stick with Proteon for
the router here, but I don't know of any Proteon products that can do
this sort of thing.  What do you think *we* should do, and what can
*you* do?  (To tell the truth, I don't know enough to even be sure that
NFS traffic can always be identified.)
					Thanks much ... Scott