Great Circle Associates Firewalls
(September 1996)

Subject: ip forwarding - turning it off ?
From: Larry Chin <larry @ ca . cch . com>
Date: Thu, 19 Sep 1996 06:46:10 -0400 (EDT)
To: Firewalls @ greatcircle . com


Sparc 20 
SunOS 4.1.3_U1
2 ethernet cards
IP forwarding supposedly turned off

 		 le0 ( ) ------- internal net y
external net --- le1 ( )

netstat -nr shows:

Destination        Gateway              Flags    Refcnt Use        Interface
                                        UH       0      197        lo0
default                                 UG       1      1231       le1
                                        U        3      101        le1
                                        U        3      1036       le0

The default gateway here points back to the external network.

Kernel has:
options IPFORWARDING="-1"

Having remade the kernel with the above option and rebooted the machine
with this kernel in place, if I go to a machine on the external net
(192.9.201.x), put in an explicit route thusly:

	route add 1

and do a:


the interface will answer with: is alive

I was under the impression that no packets should flow between le0 and
le1 with the IPFORWARDING turned off, such that a ping from the
external net would not receive any answer in the above scenario.

Should a ping of the le0 interface from a node on the external net
receive an "alive" answer?


Thu Sep 19 06:46:05 EDT 1996
Larry Chin {Larry_Chin @ ca . cch . com}	CCH Canadian Ltd.
Phone: 416-441-4001 ext. 349		6 Garamond Court
Fax:   416-441-3544			North York, Ontario, M3C 1Z5
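
Added example, not part of the original post and not SunOS source: a small model of the receive-path decision the question turns on, showing why a packet addressed to the host's own le0 address is a local delivery rather than a forwarded packet. It assumes a BSD-style input path that follows the weak end-system model described in RFC 1122; the addresses, the ip_input() name and its parameters are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define IP(a, b, c, d) \
    (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | ((uint32_t)(c) << 8) | (uint32_t)(d))

enum verdict { DELIVER_LOCAL, FORWARD, DROP };

struct iface { const char *name; uint32_t addr; };

/* Constructed addresses: the post's own interface addresses are not shown. */
static const struct iface ifaces[] = {
    { "le0", IP(10, 0, 0, 1) },     /* index 0, internal side */
    { "le1", IP(192, 9, 201, 1) },  /* index 1, external side */
};
#define NIFACES (sizeof ifaces / sizeof ifaces[0])

/*
 * Hypothetical model of the input decision for one received packet.
 * rx_if: index of the receiving interface; forwarding: 0 = off, 1 = on;
 * strong_es: 0 = weak end-system model, 1 = strong end-system model.
 */
enum verdict ip_input(size_t rx_if, uint32_t dst, int forwarding, int strong_es)
{
    size_t i;

    /* Step 1: is the destination one of our own addresses, on ANY interface? */
    for (i = 0; i < NIFACES; i++) {
        if (ifaces[i].addr != dst)
            continue;
        if (strong_es && i != rx_if)
            return DROP;          /* strong model: arrived on the wrong interface */
        return DELIVER_LOCAL;     /* weak model: answered locally, never forwarded */
    }
    /* Step 2: only packets for someone else reach the forwarding switch. */
    return forwarding ? FORWARD : DROP;
}

int main(void)
{
    static const char *names[] = { "deliver locally", "forward", "drop" };

    printf("ping le0 addr via le1, fwd off:    %s\n", names[ip_input(1, IP(10, 0, 0, 1), 0, 0)]);
    printf("ping inside host via le1, fwd off: %s\n", names[ip_input(1, IP(10, 0, 0, 20), 0, 0)]);
    printf("ping le0 addr via le1, strong ES:  %s\n", names[ip_input(1, IP(10, 0, 0, 1), 0, 1)]);
    return 0;
}
```

Under this model, the check that shows whether forwarding is really off is a ping from the external net to a host behind le0, not to le0's own address.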

