Jim Walker wrote: > The problem I'm seeing is other systems on the 10.10.46.0 network > are using 10.10.46.128 as their router. > > Is there a way to limit routing to just the internal virtual network?
Can you provide more details on what the problem is? Is the problem that systems on 10.10.46.0/24 are acquiring routes pointing to .128 as a router (default or otherwise)? If so, then that implies that you want to disable routing advertisements on that interface, or perhaps all advertising. How do you have your routing protocols configured? Is the problem that there are systems on the 10.10.46.0/24 network that have (maliciously?) set .128 as a next hop gateway for routes, and you don't want them to be _able_ to use this system that way? If so, then I think you're probably looking at configuring IP Filter to exclude the "unwanted" traffic. Is the problem that you have packets forwarding through 10.10.46.0/24 on this system, and that's just fine, but you don't want _certain_ remote destinations to be reachable through there? If so, then that might be a configuration issue on those other systems, or a routing protocol configuration problem, or perhaps yet another usage case for IP Filter. Please clarify and provide specific examples of the issues you see. > If I use this command "# ifconfig nge0 -router" to disable the > physical network the virtual router is also disabled. The "-router" option turns off IFF_ROUTER, which disables all IP forwarding on that interface. It's the modern equivalent of the old "ndd -set /dev/ip nge0:ip_forwarding 0" mechanism. -- James Carlson 42.703N 71.076W <carlsonj at workingcode.com>
