Subject: routing question
To: NetBSD Users <netbsd-users@netbsd.org>
From: Marton Fabo <morton@eik.bme.hu>
List: netbsd-users
Date: 02/12/2003 18:48:42
Hi!

I have the following problem.

I have a router sharing an internet connection using NAT. It works very 
nice and well.

Now I added an alias to the local interface, and set up some machines on 
the same link to use the subnet of the alias IP, as opposed to the 
original local address of the router.

What I want is to have the router only forward packets between the 
external interface and the local subnets, but not between the two local 
subnets. net.inet.ip.forwarding=1 enables forwarding among any subnets 
the router is connected to.

I guess this could be done with filtering. But what I would prefer is to 
have the router not even try to forward between the local subnets, 
rather than try it and subsequently fail because of a filter. So, 
basically, instead of a global "forwarding ON" switch, I'd like to 
enable it explicitly for pairs of interfaces or subnets.

Is this possible on NetBSD?

thx
mortee