hubcap@hubcap.clemson.edu (System Janitor) (01/03/91)
Hi... does anyone know how to make a Unix host act as a firewall? I have a DECstation that is acting as the router for a network of PCs. I don't want anonymous PC users to be able to telnet anywhere they want on the Internet, but only to other hosts, specified by us, on our class B network. In other words, I want it to be a firewall.

So far the only way I've been able to do what I want is by adding a static route to the DECstation gateway (this gets the PC's packets out) and a static route to the external host I want to be able to reach (this gets that host's packets back in). This is workable, but not desirable from a management standpoint (if there were 100 hosts on campus that the PCs might need to reach, that would mean 100 static routes would have to be added by hand to all 100 hosts).

I fooled around with gated some, in particular with the pointtopoint RIP option. I told gated to only do pointtopoint RIP and that the sourceripgateway was one of the SUN servers on campus. I hoped that this would allow the PCs to have connectivity with the SUN (and the subnet it serves), but the PCs ended up with full connectivity to everywhere via ICMP redirects through the SUN server.

Any ideas?

-Mike