I ran across this old post by Dave Presotto when someone inquired about Plan 9 as a firewall: If you have multiple Plan 9 machines, you can use one as an inside/outside machine and just import it's outside interface onto the inside machines. For example, this is how we configure our outside interface.
# second ethernet to serve the outside IP echo starting ether 1 to the outside bind -b '#l1' /net.alt bind -b '#I1' /net.alt ip/ipconfig -x /net.alt -g 204.178.31.1 ether /net.alt/ether1 204.178.31.2 255.255.255.0 ndb/cs -x /net.alt -f /lib/ndb/external ndb/dns -sx /net.alt -f /lib/ndb/external aux/listen -d /rc/bin/service.alt -t /rc/bin/service.alt.auth /net.alt/tcp aux/listen -d /rc/bin/service.alt /net.alt/il Then you can import that interface to inside machines. import achille /net.alt /net.alt This has the advantage of letting you announce nothing on the outside so that you don't have to worry about attacks. You can do anything you want on the inside and packets can't get out. ************** If one is running a mail server and has it inside their firewall and if using one IP then t has to use NAT. Couldn't one presumeably use the setup above and run a mail server on Plan 9 and bypass having to use NAT? And also do the same thing for a web server? ------------------------------------------ 9fans: 9fans Permalink: https://9fans.topicbox.com/groups/9fans/Te43262c53bc71855-M75c1bb2430ae13472a6abdd9 Delivery options: https://9fans.topicbox.com/groups/9fans/subscription
