Paul D. Robertson wrote:
>
> They probably want you to make sure each interface sends packets
> correctly, and that the route tables are set up correctly (static routing).
> If you take the default AIX setup, static routes are held in the ODBM
> database, so once you enter them, you should be fine. You should
> probably do that through SMIT.
>
ok, now I can get through the firewall (without firewall software
loaded),
but none of the internal routers know how to respond to the unsecure
subnet.
does this mean I have to add a static route to all internal(secure)
routers?
or how can I advertise routes to them?
>
> They get taken out of inetd.conf, and rc.tcpip, services just provides names,
> it doesn't enable protocols. The SNG code should block what's running there
> if you have your filters set correctly, but I tend to like to disable all
> the built-in protocols, sendmail, the R commands, and NFS seperately if I
> configure one of these beasts.
>
That makes sense, after I posted the question I realized that. Should
engage
brain before fingers.
--
Thanks!
-steve.
matkoski @
dreamscape .
com
References:
|
|
