Subject: Re: NetBSD-based repeater
To: Chris Jones <email@example.com>
From: Stefan Grefen <firstname.lastname@example.org>
Date: 02/09/1999 22:40:25
In message <email@example.com> Chris Jones wrote:
> Much to my dismay, my bosses have decided that we need a firewall.
> What really dismays me, however, is the fact that the network people
> appear unwilling or unable to provide us with a subnet for the
> machines that need to go behind the firewall.
> My original plan was to start by turning a BSD box into a router, and
> then install ipf, and gradually crank down the security until we get
> something reasonable. However, I don't know how to make this thing be
> a router if there aren't discrete subnets to route between. Is it
> even possible to turn a BSD box into something like an ethernet
> I was thinking that, if all else fails, I can run proxy ARP on it,
> with a static, manually-maintained table of ethernet addresses. Then
> I could add a route for each of these hosts, pointing out the correct

You can forward stuff with ipf on a host-by-host basis using the
'fastroute/froute/to' keyword (they all mean the same).
This bypasses the kernel routing.

> However, I haven't been able to get that to work; "netstat -nr" shows
> the host routes going out the correct interface, but the packets don't
> appear to go there. I may have messed something up, though; I should
> probably hack on it some more.
> If anybody has some advice for me, I'd really appreciate it. Please
> CC: me, since I don't normally read this list.
> Chris Jones firstname.lastname@example.org
> Mad scientist at large email@example.com
> "Is this going to be a stand-up programming session, sir, or another bug hunt?"
Stefan Grefen Tandem Computers Europe Inc.
firstname.lastname@example.org High Performance Research Center
--- Hacking's just another word for nothing left to kludge. ---