From: G B <g_patrickb@yahoo.com>
To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net>
Subject: Firewall/NAT and importing outside interface
Date: Fri, 8 May 2020 16:45:46 +0000 (UTC)
Message-ID: <1088262094.244310.1588956346600@mail.yahoo.com>
In-Reply-To: <1088262094.244310.1588956346600.ref@mail.yahoo.com>

I ran across this old post by Dave Presotto when someone inquired about Plan 9 as a firewall:

If you have multiple Plan 9 machines, you can use one as an inside/outside
machine and just import its outside interface onto the inside
machines. For example, this is how we configure our outside interface.

    # second ethernet to serve the outside IP
    echo starting ether 1 to the outside
    bind -b '#l1' /net.alt
    bind -b '#I1' /net.alt
    ip/ipconfig -x /net.alt -g 204.178.31.1 ether /net.alt/ether1 204.178.31.2 255.255.255.0
    ndb/cs -x /net.alt -f /lib/ndb/external
    ndb/dns -sx /net.alt -f /lib/ndb/external
    aux/listen -d /rc/bin/service.alt -t /rc/bin/service.alt.auth /net.alt/tcp
    aux/listen -d /rc/bin/service.alt /net.alt/il

Then you can import that interface to inside machines.

    import achille /net.alt /net.alt

This has the advantage of letting you announce nothing on the outside so that
you don't have to worry about attacks. You can do anything you want on the
inside and packets can't get out.

**************

If one is running a mail server and has it inside their firewall and is using one IP, then it has to use NAT. Couldn't one presumably use the setup above and run a mail server on Plan 9 and bypass having to use NAT? And also do the same thing for a web server?