[rescue] Putting an insecure machine on a network

Sheldon T. Hall shel at tandem.artell.net
Sat Mar 18 11:19:49 CST 2006

I need to connect to my network a completely insecure machine that cannot be
secured.  I want to isolate it in a way that prevents it from connecting to
anything but one address over the Internet, and do so in a way that cannot be
subverted without physical access to the machine.

I'm on DSL, and have one fixed IP address.  Behind that, a typical DSL modem
with NAT and various port forwarding to my servers.

I have a Sun SPARCclassic running Solaris 7 that has two NICs. One is on my
internal network, the other is unused. Is there a way I can activate the
second NIC and "lock" it in a way that any machine connected to it only has
access to one IP address on the Internet, and no access to the Sun itself or
to any machine on my network?

Thanks for any suggestions.


More information about the rescue mailing list