Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!munnari.OZ.AU!news.mel.connect.com.au!news.mira.net.au!news.vbc.net!garlic.com!news.scruz.net!noos.hooked.net!www.nntp.primenet.com!nntp.primenet.com!howland.erols.net!EU.net!usenet2.news.uk.psi.net!uknet!usenet1.news.uk.psi.net!uknet!dispatch.news.demon.net!demon!awfulhak.demon.co.uk!awfulhak.demon.co.uk!awfulhak.demon.co.uk!not-for-mail
From: brian@awfulhak.demon.co.uk (Brian Somers)
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: Re: IP forwarding
Date: 12 Sep 1996 10:34:30 +0100
Organization: Coverform Ltd.
Lines: 47
Message-ID: <518lf6$9n@anorak.coverform.lan>
References: <513hrs$ca@anorak.coverform.lan> <3235DB26.27D5@www.play-hookey.com>
NNTP-Posting-Host: localhost.coverform.lan
X-NNTP-Posting-Host: awfulhak.demon.co.uk
X-Newsreader: TIN [version 1.2 PL2]

Ken Bigelow (kbigelow@www.play-hookey.com) wrote:
: Brian Somers wrote:
: >
: > On a machine w/ 3 interfaces, is there any way to forward IP between two
: > of them, but not the third ?  For example, I have two subnets & a ppp
: > to the internet - I want the subnets to talk, but not send crap onto
: > the 'net.
: >
: As long as a packet was specifically addressed to the 'other' subnet, I
: wouldn't expect it to go over the PPP link. As near as I can tell,
: anything I send internally to one of the other computers on my subnet
: stays here, although my primary server has GATEWAY set to "YES." I think
: it only forwards packets that don't already have a local home.
: Or is that just wishful thinking?
: --

That's correct, but in my scenario, I'm considering having two modems.
I don't want an incoming connection to force an outgoing connection
(because the dialer tries to send a packet to a "real" machine) -
especially with an assigned ip of 10.0.2.2 !  I do however want them
to be able to contact 10.0.1.1 (netmask ffffff00).

The scenario is:

  dialin (10.0.2.2)    The world
        |              |
  ------|--------------|--------
  | (10.0.2.1/24) (158.152.17.1) |
  |                              |
  |        (10.0.1.1/24)         |
  ------------|---------------
              |
             LAN

The dialin is allowed onto the LAN (I need to IP forward from 10.0.2.*
to 10.0.1.*), but is not allowed to "The world" - I don't want *anything*
to get IP forwarded to "The world".

I suppose I could switch on IP forwarding and set up a filter on
"The world" that denies source addresses of 10.*.....

--
Brian <brian@awfulhak.demon.co.uk>
Don't _EVER_ lose your sense of humour....
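
Added example, not part of the original post: a small Python model of the gateway's forwarding decision with the filter the post proposes (deny source 10.* on "The world"). The addresses come from the diagram; the interface names, the LAN host 10.0.1.5, the destination 192.0.2.80 and the source 172.16.0.9 are constructed assumptions. The last sample shows that a filter keyed on source address still forwards a non-10.* source to "The world".

```python
import ipaddress

# Routing table of the three-interface gateway in the diagram.
# Interface names ("dialin", "lan", "world") are assumptions for this model.
ROUTES = [
    (ipaddress.ip_network("10.0.2.0/24"), "dialin"),
    (ipaddress.ip_network("10.0.1.0/24"), "lan"),
    (ipaddress.ip_network("0.0.0.0/0"), "world"),  # default route out the PPP link
]
# The gateway's own addresses, taken from the diagram.
LOCAL = {ipaddress.ip_address(a) for a in ("10.0.2.1", "10.0.1.1", "158.152.17.1")}
NET_10 = ipaddress.ip_network("10.0.0.0/8")


def egress(dst):
    """Pick the outgoing interface by longest-prefix match."""
    d = ipaddress.ip_address(dst)
    return max((net.prefixlen, ifc) for net, ifc in ROUTES if d in net)[1]


def decide(src, dst):
    """Return (verdict, egress interface) for one packet seen by the gateway."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if d in LOCAL:
        return ("deliver-local", None)      # addressed to the gateway itself
    out = egress(dst)
    # Filter from the post: on "The world", deny source addresses of 10.*
    if out == "world" and s in NET_10:
        return ("deny", out)
    # Packets the gateway originates are sent, everything else is forwarded.
    return ("send" if s in LOCAL else "forward", out)


# Constructed sample packets (src, dst).
SAMPLES = [
    ("10.0.2.2", "10.0.1.5"),        # dialin host to a LAN host
    ("10.0.1.5", "10.0.2.2"),        # LAN host back to the dialin host
    ("10.0.2.2", "192.0.2.80"),      # dialin host to an outside address
    ("10.0.1.5", "192.0.2.80"),      # LAN host to an outside address
    ("158.152.17.1", "192.0.2.80"),  # gateway's own traffic
    ("172.16.0.9", "192.0.2.80"),    # non-10.* source: passes the source filter
]

if __name__ == "__main__":
    for src, dst in SAMPLES:
        print(f"{src:>14} -> {dst:<12} {decide(src, dst)}")
```

To meet the stated goal that nothing at all is forwarded to "The world", the rule would have to match every packet leaving that interface whose source is not the gateway's own address, rather than only the 10.* range.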