
Re: tlug: HAN IP addresses



--------------------------------------------------------
tlug note from "Stephen J. Turnbull" <turnbull@example.com>
--------------------------------------------------------
>>>>> "John" == John Little <gaijin@example.com> writes:

    >> How did you decide on local IP addresses? Is it possible that
    >> you could make a naming mistake that would adversely affect your
    >> ISP?

    John> Jim,

    John>    There's an RFC on ranges of IP addresses for "private",
    John> non-internet connected addresses (see below), and I use an
    John> address within this range for my home network.

    John>    This, of course, could confuse things even more than
    John> before (there could be hundreds of other people using your
    John> "private" address range

The Firewalls Book ("Firewalls and Internet Security," Cheswick and
Bellovin, ISBN 0-201-63357-4) has a fair amount on these issues.  I
believe there is also a Linux HOWTO but I haven't upgraded my docs for 
a while.

The main purpose of this note is to strongly recommend this book.
It's a good read and quite complete.  Although it's billed as
anti-hacker, Internet security also has a lot to do with not shooting
yourself in the foot.  Especially with a private network, it's easy
enough to do, although not usually disastrous.

    John>    I have to admit to heresy here, in that my gateway
    John> machine is running Solaris. Turning off IP forwarding is a
    John> single line in the /etc/inetinit file:-

    John> 		ndd -set /dev/ip ip_forwarding 0

    John>    and preventing RIP packets getting out is a matter of
    John> creating an /etc/gateways file specifying:-

    John> 		noripout ipdptp0

On Linux it's likely to be more trouble.  In particular, as far as I
know the standard distribution kernels are configured with IP
forwarding and all the other stuff related to gateways and firewalls
and IP masquerading and the like disabled.  So you'll probably need to 
figure out what to do.  On the other hand, Cheswick and Bellovin
specifically recommend Linux as a good platform for building firewalls 
as source is available and networking is good and stable.

-- 
                            Stephen J. Turnbull
Institute of Policy and Planning Sciences                    Yaseppochi-Gumi
University of Tsukuba                      http://turnbull.sk.tsukuba.ac.jp/
Tel: +81 (298) 53-5091;  Fax: 55-3849              turnbull@example.com
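
[Added example, not part of the original message or of either poster's setup: a shell check for the Linux counterpart of the Solaris `ip_forwarding` setting quoted above. It assumes a current Linux kernel that exposes `/proc/sys/net/ipv4/ip_forward` and the per-interface `conf/*/forwarding` files; the optional `proc_root` argument is a convenience of this example so the check can be run against a constructed directory tree.]

```shell
#!/bin/sh
# Added example: report whether a Linux host is set to forward IPv4
# packets between interfaces (a private-network gateway that should not
# route wants every one of these switches at 0).

# forwarding_report [proc_root]
#   proc_root defaults to /proc (assumption: the argument exists only so
#   the check can be pointed at a constructed tree).
#   Prints one line per switch that enables forwarding.
#   Returns 0 if forwarding is off everywhere, 1 if any switch enables
#   it, 2 if the global switch cannot be read.
forwarding_report() {
    base="${1:-/proc}/sys/net/ipv4"
    found=0

    if [ ! -r "$base/ip_forward" ]; then
        echo "cannot read $base/ip_forward" >&2
        return 2
    fi

    # Global switch: 0 means the host does not forward IPv4 packets.
    if [ "$(cat "$base/ip_forward")" != "0" ]; then
        echo "global: ip_forward enabled"
        found=1
    fi

    # Per-interface switches can differ from the global value, so a
    # single interface can still forward after the global one is cleared.
    for f in "$base"/conf/*/forwarding; do
        [ -r "$f" ] || continue
        if [ "$(cat "$f")" != "0" ]; then
            iface=$(basename "$(dirname "$f")")
            echo "interface $iface: forwarding enabled"
            found=1
        fi
    done

    return "$found"
}
```

Run `forwarding_report` with no argument on the gateway itself; a non-zero exit status makes it usable from a boot script or cron job that should complain when forwarding has been switched back on.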