[rescue] Putting an insecure machine on a network
Sheldon T. Hall
shel at tandem.artell.net
Tue Mar 21 15:13:26 CST 2006
Mike F says ...
> Sheldon T. Hall wrote:
> >
> > In any case, adding the SUNW packages let me build IPFilter, even
> > though two of Mike F's listed packages don't seem to be
> > part of Solaris 7.
> >
> > However, the doco for ip_fil3.4.35 indicates that running "make
> > package" will build a package (maybe it does, no error messages
> > anyway) and kick off pkgadd to install it. It certainly
> > doesn't do the
> > latter, and I can't figure out which of the zillion files
> > and directories holds or _is_ the alledged package.
>
> The package should be somewhere under the directory in which
> you built it; it'll be something like "ipf.pkg".
> pkgadd -d `find ./ -name *.pkg` should do what you need.
... And it does!
Hot damn. You da man.
Now, just one more little question....
The box on which you just solved my ipfilter installation issues has two NICs.
The built-in le0 is on my 192.168.0.0 network, with a gateway of 192.168.0.1
providing access to the internet.
I want to use the hme0 add-in NIC to provide access for the insecure laptop.
I'd like for it to be in some completely different subnet (say 10.0.0.0/8),
and to have access through the Solaris box _only_ to 192.168.0.1. No access
to th Solaris box itself, and no access to the rest of my 192.168.0.0/24
network.
I _thought_ I knew how to do this, but it seems I don't. Can you endure
giving me a tad more help on this?
Thanks.
-Shel
More information about the rescue
mailing list