Firewall Wizards mailing list archives

routing by interface on Solaris


From: Lance Spitzner <lance () spitzner net>
Date: Thu, 21 Dec 2000 12:05:24 -0600 (CST)

Solaris 8 has a new capability of enabling ip_forwarding
per interface.

According to the Sun Blueprint "Network Settings":
http://www.sun.com/software/solutions/blueprints/1200/network-updt1.pdf

One can set ip_forwarding per interface, example below:

ndd -set /dev/ip hme0:ip_forwarding 0
ndd -set /dev/ip hme1:ip_forwarding 1
ndd -set /dev/ip hme2:ip_forwarding 1

This could be advantageous for Firewall management.  For example, in
the above settings, one could use hme0 as the management network,
as ip_forwarding has been disabled.  This helps protect and isolate
the firewall management network from the other connected networks,
as routing has been disabled on that interface.

I have not had a chance to test this capability yet.  Thought
I would toss this idea out to the peanut gallery first :)

Thoughts?

-- 
Lance Spitzner
http://project.honeynet.org


_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards
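
As an added example (not part of the original post), a POSIX shell audit that compares each interface's ip_forwarding value with the layout in the message and fails if the management interface hme0 is forwarding. It assumes `ndd -get /dev/ip <interface>:ip_forwarding` prints a bare 0 or 1; `NDD`, `POLICY` and `audit_forwarding` are names chosen here for illustration.

```shell
#!/bin/sh
# Added example: audit per-interface ip_forwarding against an intended policy.
# Needs a POSIX shell (ksh on Solaris). NDD can be overridden so the logic
# can be exercised on a host without ndd.
NDD=${NDD:-ndd}

# Intended state, taken from the post: hme0 is the management network
# (forwarding off), hme1 and hme2 route traffic (forwarding on).
POLICY="hme0:0 hme1:1 hme2:1"

# Print one line per interface; return non-zero if any interface differs
# from the policy or cannot be queried.
audit_forwarding() {
    rc=0
    for entry in $POLICY; do
        ifc=${entry%%:*}
        want=${entry##*:}
        # Assumption: the command prints just "0" or "1" for the parameter.
        got=$($NDD -get /dev/ip "${ifc}:ip_forwarding" 2>/dev/null) || got=unknown
        [ -n "$got" ] || got=unknown
        if [ "$got" = "$want" ]; then
            echo "OK   $ifc ip_forwarding=$got"
        else
            echo "FAIL $ifc ip_forwarding=$got (want $want)"
            rc=1
        fi
    done
    return $rc
}

# Run the audit only when asked to, e.g. "sh audit.sh --run".
case "${1:-}" in
    --run) audit_forwarding ;;
esac
```

Values set with ndd do not survive a reboot, so a check like this is worth running after boot as well as after any change.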

