*BSD News Article 78252



Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!munnari.OZ.AU!news.mel.connect.com.au!news.mira.net.au!news.vbc.net!garlic.com!news.scruz.net!noos.hooked.net!www.nntp.primenet.com!nntp.primenet.com!howland.erols.net!EU.net!usenet2.news.uk.psi.net!uknet!usenet1.news.uk.psi.net!uknet!dispatch.news.demon.net!demon!awfulhak.demon.co.uk!awfulhak.demon.co.uk!awfulhak.demon.co.uk!not-for-mail
From: brian@awfulhak.demon.co.uk (Brian Somers)
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: Re: IP forwarding
Date: 12 Sep 1996 10:34:30 +0100
Organization: Coverform Ltd.
Lines: 47
Message-ID: <518lf6$9n@anorak.coverform.lan>
References: <513hrs$ca@anorak.coverform.lan> <3235DB26.27D5@www.play-hookey.com>
NNTP-Posting-Host: localhost.coverform.lan
X-NNTP-Posting-Host: awfulhak.demon.co.uk
X-Newsreader: TIN [version 1.2 PL2]

Ken Bigelow (kbigelow@www.play-hookey.com) wrote:
: Brian Somers wrote:
: > 
: > On a machine w/ 3 interfaces, is there any way to forward IP between two
: > of them, but not the third ?  For example, I have two subnets & a ppp
: > to the internet - I want the subnets to talk, but not send crap onto
: > the 'net.
: > 

: As long as a packet was specifically addressed to the 'other' subnet, I
: wouldn't expect it to go over the PPP link. As near as I can tell,
: anything I send internally to one of the other computers on my subnet
: stays here, although my primary server has GATEWAY set to "YES." I think
: it only forwards packets that don't already have a local home.

: Or is that just wishful thinking?
: -- 

That's correct, but in my scenario, I'm considering having two modems.
I don't want an incoming connection to force an outgoing connection
(because the dialer tries to send a packet to a "real" machine)
- especially with an assigned ip of 10.0.2.2 !  I do however want them to
be able to contact 10.0.1.1 (netmask ffffff00).

The scenario is:

                 dialin
               (10.0.2.2)     The world
                   |              |
             ------|--------------|--------
            | (10.0.2.1/24) (158.152.17.1) |
            |                              |
            |      (10.0.1.1/24)           |
             ------------|---------------
                         |
                        LAN

The dialin is allowed onto the LAN (I need to IP forward from 10.0.2.*
to 10.0.1.*), but is not allowed to "The world" - I don't want *anything*
to get IP forwarded to "The world".

I suppose I could switch on IP forwarding and set up a filter on "The
world" that denies source addresses of 10.*.....

--
Brian <brian@awfulhak.demon.co.uk>
Don't _EVER_ lose your sense of humour....
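
The filter idea from the last paragraph of the post, modelled for the posted topology as an added example (not part of the original article). The interface names `ed0`, `tun0` and `tun1`, the default route, and the test addresses `10.0.1.5`, `10.0.1.9` and `192.0.2.80` are assumptions constructed for illustration.

```python
"""Added example: first-match filter model for the three-interface router."""
from ipaddress import ip_address, ip_network

LAN, DIALIN, WORLD = "ed0", "tun1", "tun0"   # assumed interface names

# Routing table of the box; the longest matching prefix wins.
ROUTES = [
    (ip_network("10.0.1.0/24"), LAN),      # LAN side, router is 10.0.1.1
    (ip_network("10.0.2.0/24"), DIALIN),   # dial-in link, 10.0.2.1 <-> 10.0.2.2
    (ip_network("0.0.0.0/0"), WORLD),      # assumed default route via 158.152.17.1
]

# Deny rules on the outside link only. ipfw equivalents (tun0 is assumed):
#   ipfw add deny ip from 10.0.0.0/8 to any out via tun0
#   ipfw add deny ip from 10.0.0.0/8 to any in via tun0
RULES = [
    (ip_network("10.0.0.0/8"), "out", WORLD),
    (ip_network("10.0.0.0/8"), "in", WORLD),
]

def route(dst):
    """Return the outgoing interface for dst (longest-prefix match)."""
    dst = ip_address(dst)
    matches = [(net, ifc) for net, ifc in ROUTES if dst in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def filtered(src, direction, iface):
    """True if a deny rule matches this source on this interface and direction."""
    src = ip_address(src)
    return any(src in net and d == direction and i == iface
               for net, d, i in RULES)

def forward(src, dst, in_iface=None):
    """Fate of a packet; in_iface=None means the router generated it itself."""
    if in_iface and filtered(src, "in", in_iface):
        return "dropped on input"
    out_iface = route(dst)
    if filtered(src, "out", out_iface):
        return "dropped on output"
    return f"sent via {out_iface}"

if __name__ == "__main__":
    for pkt in [("10.0.2.2", "10.0.1.5", DIALIN),    # dial-in user to a LAN host
                ("10.0.2.2", "192.0.2.80", DIALIN),  # dial-in user to the Internet
                ("10.0.1.5", "192.0.2.80", LAN),     # LAN host to the Internet
                ("158.152.17.1", "192.0.2.80", None),  # router's own traffic
                ("10.0.1.9", "10.0.1.1", WORLD)]:    # private source arriving from outside
        print(pkt, "->", forward(*pkt))
```

Because every forwarded packet in this layout has a 10.x source, the single outbound deny rule stops all forwarding to the outside link while the router's own traffic from 158.152.17.1 still passes.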