9fans - fans of the OS Plan 9 from Bell Labs
* Re: [9fans] Plan9 Firewalls/routers
@ 2001-04-23 17:39 presotto
  2001-04-23 19:26 ` Mike Haertel
  0 siblings, 1 reply; 6+ messages in thread
From: presotto @ 2001-04-23 17:39 UTC (permalink / raw)
  To: 9fans

[-- Attachment #1: Type: text/plain, Size: 1283 bytes --]

Depends on what you want to do.  You can just make it a router:

	echo -n iprouting > /net/ipifc/clone

Then you get no filtering, just routing.

If you have multiple Plan 9 machines, you can use one as an inside/outside
machine and just import its outside interface onto the inside
machines.  For example, this is how we configure our outside interface.

	# second ethernet to serve the outside IP
	echo starting ether 1 to the outside
	bind -b '#l1' /net.alt
	bind -b '#I1' /net.alt
	ip/ipconfig -x /net.alt -g 204.178.31.1 ether /net.alt/ether1 204.178.31.2 255.255.255.0
	ndb/cs -x /net.alt -f /lib/ndb/external
	ndb/dns -sx /net.alt -f /lib/ndb/external
	aux/listen -d /rc/bin/service.alt -t /rc/bin/service.alt.auth /net.alt/tcp
	aux/listen -d /rc/bin/service.alt /net.alt/il

Then you can import that interface to inside machines.

	import achille /net.alt /net.alt

This has the advantage of letting you announce nothing on the outside so that
you don't have to worry about attacks.  You can do anything you want on the
inside and packets can't get out.

It has the disadvantage that it only works with Plan 9.

Unfortunately all the firewall and bridging code running as apps on Plan 9 is
part of products we sell so we can't give it away.

[-- Attachment #2: Type: message/rfc822, Size: 1897 bytes --]

From: William Staniewicz <wstan@localhostnl.demon.nl>
To: 9fans@cse.psu.edu
Subject: [9fans] Plan9 Firewalls/routers
Date: Mon, 23 Apr 2001 19:08:46 +0000
Message-ID: <20010423190846.A3765@localhostnl.demon.nl>

Hopefully, I will be getting DSL service through my
ISP sometime in the near future. I guess the thing to
consider is security. I know Linux has documentation and
versions of the distribution that can provide a firewall.
Is there a way to configure Plan9 as a firewall/router?
If so, what are the hardware and software considerations?

		-Bill

* Re: [9fans] Plan9 Firewalls/routers
@ 2001-04-23 17:43 Eric Grosse
  0 siblings, 0 replies; 6+ messages in thread
From: Eric Grosse @ 2001-04-23 17:43 UTC (permalink / raw)
  To: 9fans

I have NAPT running in Plan 9 and will add it to the distribution
when it gets more mature. And, to answer an earlier post,
yes it supports the IL protocol.

Eric


* Re: [9fans] Plan9 Firewalls/routers
@ 2001-04-23 19:42 presotto
  0 siblings, 0 replies; 6+ messages in thread
From: presotto @ 2001-04-23 19:42 UTC (permalink / raw)
  To: 9fans

The Lucent managed firewall, actually Inferno based but it's based on the
kernel and would run on Plan 9.  We're also trying to sell Quinlan's bricks,
an encrypted bridge/VLAN, but we've run into problems with the rest of
the company over it.

