As part of a firewall configuration, I want to configure a UNIX system
with two ethernet ports: one to the wild and wooly outside and one to the
trusted folks on the inside. I would like to offer no services on the
outside port but be rather liberal in services offered to the insiders.
(More generally, I would like to be able to offer different sets of
services on each port.)
However, I can find no way to configure inetd to do this. There is no
interface argument on inetd, nor on any of the service daemons, nor on
ifconfig. I realize that tcpwrapper might control this, but I would like
to block access earlier than that, plus some of the inside services I
want to offer cannot be controlled by tcpwrapper.
I am planning to put a router outside of my firewall machine, but
want an additional barrier against failure of the router.
I am using a Sun SPARCstation and Sun OS 4.1.3 for my research, but the
results will be applied to other systems; so a UNIX-wide solution is
preferable, but an OS-specific one will still be helpful, as we might be
able to obtain a specific machine for this use.
Thanks in advance.
-Dave Thompson, SAIC