Subject: Re: IPNat and Ethernet
To: Mark de Jong <mdj@home.com>
From: Bob Gustafson <bobgus@mcs.com>
List: port-mac68k
Date: 11/05/1998 10:46:40

Check the O'Reilly book - "Building Internet Firewalls" by Chapman and
Zwicky.  There are several pictures of different topologies which can be
used to create firewalls.

With your topology, you are depending on what your ISP has for a router -
does it filter odd packets?  It is outside your control anyway, so it
should not be depended on.

To sleep better at night, you should really consider getting another
ethernet card for your firewall machine.  If you do not forward packets
between ethernet interfaces, but use a proxy server running on the firewall
machine, you have the beginnings of an effective firewall.

Plug cable modem into one ethernet interface, all the rest of your machines
to a hub connected to the second ethernet interface.

---
I see you are using @home.com.  What kind of speeds are you getting?  How is
@home for service (i.e., are you up 99.999% of the time?)  What is the cost?


>Ah, I see the source of confusion. All my macs are connected to a hub ...
>as is the cable modem. So, it looks like this:
>
>                             -------------
>	outside world <---> | Cable Modem |
>                             -------------
>                                   ^
>                                   |
>                                   v
>                             -------------
>                            |     Hub     |
>                             -------------
>                             ^     ^     ^
>                             |     |     |
>                   ----------      |      -------
>                  |                |             |
>                  v                v             v
>              --------          --------     --------
>             | Mac #1 |        | Mac #2 |   | Mac #3 |
>             | NetBSD |        | MacOS  |   | MacOS  |
>              --------          --------     --------
>
>And I'd like the NetBSD machine to be the gateway. Currently, it's Mac #2
>running IPNetRouter.
>
>I hope this makes sense.
>
>	-- Mark
>
>>Mark de Jong wrote:
>>> Hi,
>>>
>>> I was reading the "How-TO regarding IP-NAT" by Armen Babikyan,
>>> armenb@moof.ai.mit.edu and came to the following disturbing line:
>>>
>>> "if you have a cable modem you wish to route data over, be sure to have the
>>> correct device number (cable modem and your lan will both be using
>>> Ethernet, so you will need two Ethernet cards for your machine!) and
>>> replace the device number (most likely either ae0 or ae1)."
>>>
>>> Do I really need two ethernet cards for this to work? My goal is to make my
>>> MacIIcx my gateway machine for all the rest of my Macs on the net. Up until
>>> now I have been running "IPNetRouter" under MacOS, and it works great ...
>>> with one ethernet connection.
>>>
>>> Is there any way to use IP-Nat on NetBSD without the need for two ethernet
>>> cards?
>>
>>most cable modems connect to an ethernet card.  what does yours connect
>>to?  if it connects to your ethernet card, what are the other machines on
>>the network connected to?
>>
>>in order for a machine to be a gateway, you usually have a setup like:
>>
>>                            ---------------------------
>>                            |                         |
>>	outside world <---->| interface1   interface2 | <------> LAN
>>                            |                         |
>>                            |      gateway machine    |
>>                            ---------------------------
>>
>>in your case, interface1 would be the cable modem, and interface2 is
>>probably an ethernet card.  is this not how your system is set up?
>>
>>later.
>>
>>colin
>
>
>___________________________________________________________________________
>Mark de Jong                Macintosh Development              mdj@home.com