
[9fans] Plan9 Firewalls/routers


William Staniewicz

Apr 23, 2001, 1:29:59 PM
Hopefully, I will be getting DSL service through my
ISP sometime in the near future. I guess the thing to
consider is security. I know Linux has documentation and
versions of the distribution that can provide a firewall.
Is there a way to configure Plan9 as a firewall/router?
If so, what are the hardware and software considerations?

-Bill

andrey mirtchovski

Apr 23, 2001, 1:34:20 PM
I know of at least one person who attempted to write some sort of a NAT
service for p9 and use it as a firewall (check the postings from Luchezar
Ionkov about 4-6 months ago) but it was not very successful and was
abandoned.

pres...@plan9.bell-labs.com

Apr 23, 2001, 1:55:34 PM
Depends on what you want to do. You can just make it a router:

echo -n iprouting > /net/ipifc/clone

Then you get no filtering, just routing.

If you have multiple Plan 9 machines, you can use one as an inside/outside
machine and just import its outside interface onto the inside
machines. For example, this is how we configure our outside interface.

# second ethernet to serve the outside IP
echo starting ether 1 to the outside
bind -b '#l1' /net.alt
bind -b '#I1' /net.alt
ip/ipconfig -x /net.alt -g 204.178.31.1 ether /net.alt/ether1 204.178.31.2 255.255.255.0
ndb/cs -x /net.alt -f /lib/ndb/external
ndb/dns -sx /net.alt -f /lib/ndb/external
aux/listen -d /rc/bin/service.alt -t /rc/bin/service.alt.auth /net.alt/tcp
aux/listen -d /rc/bin/service.alt /net.alt/il

Then you can import that interface to inside machines.

import achille /net.alt /net.alt

This has the advantage of letting you announce nothing on the outside so that
you don't have to worry about attacks. You can do anything you want on the
inside and packets can't get out.

It has the disadvantage that it only works with plan 9.

Unfortunately all the firewall and bridging code running as apps on Plan 9 is
part of products we sell so we can't give it away.

Eric Grosse

Apr 23, 2001, 1:59:26 PM
I have NAPT running in Plan 9 and will add it to the distribution
when it gets more mature. And, to answer an earlier post,
yes it supports the IL protocol.

Eric

Mike Haertel

Apr 23, 2001, 3:54:06 PM
presotto wrote:
>Unfortunately all the firewall and bridging code running as apps on Plan 9 is
>part of products we sell so we can't give it away.

Just out of curiosity, what products do you sell that contain Plan 9?

pres...@plan9.bell-labs.com

Apr 23, 2001, 3:59:23 PM
The Lucent managed firewall, actually Inferno based but it's based on the
kernel and would run on plan 9. We're also trying to sell quinlan's bricks,
an encrypted bridge/VLAN, but we've run into problems with the rest of
the company over it.