Subject: NetBSD-based repeater
To: None <tech-net@netbsd.org>
From: Chris Jones <cjones@rupert.honors.montana.edu>
List: tech-net
Date: 02/09/1999 09:28:05

Much to my dismay, my bosses have decided that we need a firewall.
What really dismays me, however, is the fact that the network people
appear unwilling or unable to provide us with a subnet for the
machines that need to go behind the firewall.

My original plan was to start by turning a BSD box into a router, and
then install ipf, and gradually crank down the security until we get
something reasonable. However, I don't know how to make this thing be
a router if there aren't discrete subnets to route between. Is it
even possible to turn a BSD box into something like an ethernet
repeater?

I was thinking that, if all else fails, I can run proxy ARP on it,
with a static, manually-maintained table of ethernet addresses. Then
I could add a route for each of these hosts, pointing out the correct
interface.

However, I haven't been able to get that to work; "netstat -nr" shows
the host routes going out the correct interface, but the packets don't
appear to go there. I may have messed something up, though; I should
probably hack on it some more.

If anybody has some advice for me, I'd really appreciate it. Please
CC: me, since I don't normally read this list.

Chris
--
-----------------------------------------------------cjones@math.montana.edu
Chris Jones cjones@honors.montana.edu
Mad scientist at large cjones@nervana.montana.edu
"Is this going to be a stand-up programming session, sir, or another bug hunt?"