*BSD News Article 49713



Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!simtel!pravda.aa.msen.com!spool.mu.edu!howland.reston.ans.net!news.sprintlink.net!news.interport.net!usenet
From: jruttenb@interport.net (Jonathan Ruttenberg)
Newsgroups: alt.security,comp.protocols.tcp-ip,comp.security.unix,comp.unix.bsd.bsdi.misc,comp.unix.admin
Subject: dual-homed BSD/OS laptop between private net and Internet
Date: Thu, 31 Aug 1995 17:02:36 GMT
Organization: Interport Communications Corp.
Lines: 27
Message-ID: <424ppr$42n@park.interport.net>
NNTP-Posting-Host: jruttenb.port.net
X-Newsreader: Forte Free Agent v0.55
Xref: euryale.cc.adfa.oz.au alt.security:20728 comp.protocols.tcp-ip:38437 comp.security.unix:15247 comp.unix.bsd.bsdi.misc:687 comp.unix.admin:31799

I am considering setting up a laptop running BSD/OS with two network
interfaces, one an Ethernet connection to a private network, the other
a dialup PPP connection to an Internet provider.  I do not need or
want any Internet access from the private network.

The private network will use the addresses allotted by the NIC for
private networks.  The PPP interface will have a fixed IP address
provided by the service provider.

I believe that BSD supports disabling of packet forwarding in the
kernel.  Is this possible in BSD/OS 1.x?

I would configure the laptop without any dynamic routing.  It would
have two static routes.  The default route would be the PPP interface,
which would not be up continuously, and the route to the private
network would be the Ethernet interface.

I would appreciate any comments on the viability of this setup.
Pointing out any obvious or not so obvious vulnerabilities
would be greatly appreciated.  Clearly, I want to protect the laptop
from being re-booted after an unauthorized kernel re-build which
enables IP forwarding.

Thanks.

Reply by e-mail or post your replies, as you see fit.