Hi!

I have the following problem.

I have a router sharing an internet connection using NAT. It works very
nice and well.

Now I added an alias to the local interface, and set up some machines on
the same link to use the subnet of the alias IP, as opposed to the
original local address of the router.

What I want is to have the router only forward packets between the
exetrnal interface and the local subnets, but not between the two local
subnets. net.inet.ip.forwarding=1 enables forwarding among any subnets
the router is connected to.

I guess this could be done with filtering. But what I would prefer is to
have the router not even try to forward between the local subnets,
rather than try it and subsequently fail because a filter. So,
basically, instead of a global "forwardnig ON" switch, I'd like to
enable it explicitely for pairs of interfaces or subnets.

Is this possible on NetBSD?

thx
mortee