This is a discussion on Selective IP Forwarding within the AIX Operating System forums, part of the Unix Operating Systems category.
I have a central gateway system. This system is the link between 4 distinct networks (10.0, 10.1, 10.2, and 10.3). All 4 networks need to see this server and its data. Yes this system has 4 adapters with 4 local connections (not routed).

Currently I have IP Forwarding enabled and all 4 networks can communicate through this central system. However, I would like to keep 10.2 from communicating with 10.3. But both 10.2 and 10.3 still need to be able to communicate to 10.0 and 10.1 (through this system). And of course 10.0 and 10.1 still need to communicate.

Any ideas on keeping 10.2 packets from being forwarded to the 10.3 interface and vice versa?

- Matt

--
Matthew Landt - AIX and HACMP Cert. Specialist - landt@austin.ibm.com
IBM High Speed Interconnect - Fibre Channel I/O Dev/Test/Support
<< Comments, views, and opinions are mine alone, not IBM's. >>
In article <cbt9kj$87k$1@ausnews.austin.ibm.com>, Matt <landt@austin.ibm.com> wrote:
>I have a central gateway system. This system is the link between
>4 distinct networks (10.0, 10.1, 10.2, and 10.3). All 4 networks
>need to see this server and its data. Yes this system has 4 adapters
>with 4 local connections (not routed).
>
>Currently I have IP Forwarding enabled and all 4 networks can communicate
>through this central system. However, I would like to keep 10.2 from
>communicating with 10.3. But both 10.2 and 10.3 still need to be able
>to communicate to 10.0 and 10.1 (through this system). And of course
>10.0 and 10.1 still need to communicate.
>
>Any ideas on keeping 10.2 packets from being forwarded to the 10.3
>interface and vice versa?

Hi Matt,

I think you can use AIX's built-in IPSEC filtering tools to do this. Look for "genfilt" et al., in /usr/sbin, and turn on "IP Security" via "smit".

Ken

--
Ken Bell :: kenbell@panix.com :: (212) 475-4976 (voice)
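
One way the filter rules suggested in the reply above could look, as an added example that is not part of the original thread: the script prints the `genfilt` commands that deny forwarded traffic between 10.2 and 10.3 in both directions, for review before running them on the gateway. The /16 netmask, the function names `deny_rule` and `isolate`, and a still-permissive default rule are assumptions; IP Security is assumed to be started already via smit.

```shell
#!/bin/sh
# Added example: emit AIX IP Security filter commands that deny *forwarded*
# traffic between two networks, in both directions. Nothing is applied here;
# review the output, then run it as root on the gateway.
# Assumption: each "10.x" network is a /16; override MASK if yours differ.
MASK="${MASK:-255.255.0.0}"

# deny_rule SRC_NET DST_NET: print one genfilt rule.
#   -v 4   IPv4 rule table        -a D   action: deny
#   -s/-m  source net and mask    -d/-M  destination net and mask
#   -r R   routed (forwarded) packets only, so traffic addressed to the
#          gateway itself is untouched and every network still reaches it
#   -w B   inbound and outbound   -l Y   log matches   -i all  any adapter
deny_rule() {
    printf 'genfilt -v 4 -a D -s %s -m %s -d %s -M %s -r R -w B -l Y -i all\n' \
        "$1" "$MASK" "$2" "$MASK"
}

# isolate NET_A NET_B: rules for both directions, then activation and listing.
# Assumption: the table's final default rule is still "permit", so the other
# network pairs (10.0, 10.1 and the rest) keep forwarding as before.
isolate() {
    if [ -z "$1" ] || [ -z "$2" ] || [ "$1" = "$2" ]; then
        echo "isolate: need two different networks" >&2
        return 1
    fi
    deny_rule "$1" "$2"
    deny_rule "$2" "$1"
    echo 'mkfilt -v 4 -u'    # activate the updated rule table
    echo 'lsfilt -v 4 -a'    # list the active rules to confirm
}

# The case from the question: keep 10.2 and 10.3 apart.
isolate 10.2.0.0 10.3.0.0
```

After applying, a ping from a 10.2 host to a 10.3 host should fail while both can still reach the gateway and the 10.0 and 10.1 networks.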