
Re: Corner-case question





In message <199708062103.OAA20552@kebe.eng.sun.com>, Dan McDonald writes:
>
>	A ==(IPsec through the internet)====== R ------<protected network>----
>
>		and the only way it is being "a router" is that it forwards
>		packets tunnelled to it to its peers inside the protected
>		network?  (Remember, a router is a machine that forwards
>		packets.  That's the extent of the definition.)

If you mean technologically possible, it is; I've been doing this
for quite a while in fact. R is my workstation in the lab and A is
my laptop at home. The only difference is that the protected network
(the lab net) is not all that protected anyway.

>If the answer to my question is yes, there's a small can of worms that opens
>up regarding the routing tables on R (that exercise is left to the reader for
>now).  

Not sure what the problem you're referring to is; if it's how you
manage the routing tables of the hosts in the protected net, read
below. If it's not that, then please explain.

I used ARP to solve the problem I know; the only change I had to make to the
workstation was to suppress ICMP Redirects if the destination address
in the packet is one for which it advertised an ARP entry. That patch
is rather trivial (assuming a BSD derived net stack). Of course, what
I am doing might be a bit different from what you have in mind.
- -Angelos

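The redirect suppression described in the message above, as an added C model that is not part of the original message and is not taken from any BSD stack. It assumes the usual forwarding rule (a redirect goes out when a packet leaves on the interface it arrived on and its source is on that link) and that R has a single interface; all names are hypothetical and the addresses are constructed.

```c
/* Added illustration: a simplified model, not code from any BSD kernel. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

struct fwd_pkt {
    int      in_if;   /* interface the packet arrived on */
    int      out_if;  /* interface chosen by the route lookup */
    uint32_t src;     /* addresses in host byte order */
    uint32_t dst;
};

struct iface_net { uint32_t net, mask; };  /* directly connected network */

/* Hypothetical helper: does this host answer ARP on behalf of dst? */
static int published_arp(const uint32_t *pub, size_t n, uint32_t dst)
{
    for (size_t i = 0; i < n; i++)
        if (pub[i] == dst)
            return 1;
    return 0;
}

/* Returns 1 if an ICMP Redirect would go back to the packet's source. */
int send_redirect(const struct fwd_pkt *p, const struct iface_net *in_net,
                  const uint32_t *pub, size_t npub, int redirects_enabled)
{
    if (!redirects_enabled)
        return 0;
    if (p->in_if != p->out_if)                  /* not hairpinned: no redirect */
        return 0;
    if ((p->src & in_net->mask) != in_net->net) /* sender is not on-link */
        return 0;
    if (published_arp(pub, npub, p->dst))       /* the suppression described */
        return 0;
    return 1;
}

int main(void)
{
    /* Constructed sample: lab net 192.0.2.0/24, laptop A = 192.0.2.50 */
    const struct iface_net lab = { 0xC0000200u, 0xFFFFFF00u };
    const uint32_t pub[] = { 0xC0000232u };
    const struct fwd_pkt to_a = { 0, 0, 0xC000020Au, 0xC0000232u };

    printf("unpatched: %d\n", send_redirect(&to_a, &lab, pub, 0, 1));
    printf("patched:   %d\n", send_redirect(&to_a, &lab, pub, 1, 1));
    return 0;
}
```

Without the check, a lab host that reached A through R's ARP entry would be told to send to A directly on a link where A is not present.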

