Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!simtel!pravda.aa.msen.com!spool.mu.edu!howland.reston.ans.net!news.sprintlink.net!news.interport.net!usenet
From: jruttenb@interport.net (Jonathan Ruttenberg)
Newsgroups: alt.security,comp.protocols.tcp-ip,comp.security.unix,comp.unix.bsd.bsdi.misc,comp.unix.admin
Subject: dual-homed BSD/OS laptop between private net and Internet
Date: Thu, 31 Aug 1995 17:02:36 GMT
Organization: Interport Communications Corp.
Lines: 27
Message-ID: <424ppr$42n@park.interport.net>
NNTP-Posting-Host: jruttenb.port.net
X-Newsreader: Forte Free Agent v0.55
Xref: euryale.cc.adfa.oz.au alt.security:20728 comp.protocols.tcp-ip:38437 comp.security.unix:15247 comp.unix.bsd.bsdi.misc:687 comp.unix.admin:31799

I am considering setting up a laptop running BSD/OS with two network interfaces, one an Ethernet connection to a private network, the other a dialup PPP connection to an Internet provider. I do not need or want any Internet access from the private network.

The private network will use the addresses allotted by the NIC for private networks. The PPP interface will have a fixed IP address provided by the service provider.

I believe that BSD supports disabling of packet forwarding in the kernel. Is this possible in BSD/OS 1.x?

I would configure the laptop without any dynamic routing. It would have two static routes. The default route would be the PPP interface, which would not be up continuously, and the route to the private network would be the Ethernet interface.

I would appreciate any comments on the viability of this setup. Pointing out any obvious or not so obvious vulnerabilities would be greatly appreciated. Clearly, I want to protect the laptop from being re-booted after an unauthorized kernel re-build which enables IP forwarding.

Thanks. Reply by e-mail or post your replies, as you see fit.