4.2bsd gatewaying
drockwel at CSNET-SH.ARPA
Fri Aug 31 03:58:23 AEST 1984
From: Dennis Rockwell <drockwel at CSNET-SH.ARPA>

> From: stanonik at nprdc
> Subject: 4.2bsd gatewaying
> Date: 29 August 1984 1347-PDT (Wednesday)
>
> We're thinking about running rick at seismo's serial line ip code
> to a machine, sdcsla, at a local university, ucsd. Our aim is
> to communicate with sdcsla, but not to gateway between ucsd's
> relatively large local network and the milnet. (sdcsla is on
> ucsd's local network and we're on the milnet). My reasoning,
> or lack thereof, runs as follows.
>
> 1) 4.2bsd assumes packets should be forwarded between network
> interfaces; ie, packets will be forwarded between ucsd's
> local network and the milnet, given the appropriate routing
> information.

There is a flag (ipforwarding) that you can set to 0 to prevent packet
forwarding. You can either change it in your source, or run an adb script
from rc.local to turn off the forwarding. Packets which would have been
forwarded are then answered with an ICMP UNREACHABLE message.

> 2) routed on our machine will inform sdcsla that we are a gateway
> to the milnet, and routed on sdcsla will in turn inform every
> machine on ucsd's local network.

Don't run routed unless you have to (for a local net, perhaps). In any
case, turning off forwarding will stop the traffic.

> 3) egp (kirton at usc-isif's egp) on our machine will inform every
> machine on the milnet that we are a gateway to ucsd's local
> network.

Why are you running EGP if you don't want to be a gateway? If you run it
because you want to keep your routes up to date, then you should use the
"egpnetsreachable" config command (in the file etc-egp) to restrict the nets
that are advertised by EGP. If you are a gateway between MILNET and some
local net you don't mention in your message, then you will have to hack
ip_forward in netinet/ip_input.c to exclude the point-to-point net plus all
the nets behind sdcsla.

> 4) Has anyone else had to deal with keeping networks disjoint,
> both speaking IP? Any ideas on controlling 4.2bsd packet
> forwarding, or routed/egp routing information?

In addition to the above, we (CSNET) have to restrict our non-domestic X.25
sites from sending or receiving packets from the Internet. The solution in
this case is (unfortunately) to hack ip_forward as mentioned above.

> Thanks,
> Ron Stanonik
> stanonik at nprdc

Good luck! Let me know what you finally do.

Dennis Rockwell
CSNET Technical Staff
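
Added example (not part of the original message, and not 4.2BSD source): a user-space C model of the forwarding decision the reply describes, combining the ipforwarding flag with a per-network exclusion test of the kind that would be added to ip_forward. The function names and the two excluded network numbers are constructed for illustration, and refusing excluded packets the same way as when ipforwarding is 0 is an assumption.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum fwd_verdict { FWD_OK, FWD_REFUSE };

/* Classful network number of a host-order IPv4 address, as used in 1984:
 * class A keeps 8 bits, class B 16, anything else is masked as class C. */
static uint32_t classful_net(uint32_t addr)
{
    if ((addr & 0x80000000u) == 0)
        return addr & 0xff000000u;
    if ((addr & 0xc0000000u) == 0x80000000u)
        return addr & 0xffff0000u;
    return addr & 0xffffff00u;
}

/* Constructed policy: networks this host must never gateway for. */
static const uint32_t no_forward_nets[] = {
    0xc0000200u, /* 192.0.2.0, stands in for the point-to-point net */
    0xac100000u, /* 172.16.0.0, stands in for a net behind the peer */
};

static int net_excluded(uint32_t addr)
{
    uint32_t net = classful_net(addr);
    size_t n = sizeof no_forward_nets / sizeof no_forward_nets[0];
    for (size_t i = 0; i < n; i++)
        if (no_forward_nets[i] == net)
            return 1;
    return 0;
}

/* Decision for a packet not addressed to this host. Source and destination
 * are both tested so excluded nets can neither send nor receive through us. */
enum fwd_verdict forward_check(int ipforwarding, uint32_t src, uint32_t dst)
{
    if (!ipforwarding)          /* global switch: never act as a gateway */
        return FWD_REFUSE;      /* per the message: ICMP UNREACHABLE is sent */
    if (net_excluded(src) || net_excluded(dst))
        return FWD_REFUSE;      /* assumption: refused the same way */
    return FWD_OK;
}

int main(void)
{
    /* 10.0.0.1 -> 192.0.2.5: destination is on an excluded net. */
    enum fwd_verdict v = forward_check(1, 0x0a000001u, 0xc0000205u);
    printf("%s\n", v == FWD_OK ? "forward" : "refuse");
    return 0;
}
```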