Subject: Re: Appletalk Bridging/Routing
To: None <port-mac68k@netbsd.org>
From: Philip Johnson <pjohn161@bigfoot.com>
List: port-mac68k
Date: 11/02/2000 16:40:57

Just a few thoughts.

AppleTalk was not designed with security in mind.  You may want to see if
there is any way to print to the printer by TCP/IP. You may also be able to
use the NetBSD box as a print spooler, especially if the Stylus is a
PostScript printer, with netatalk, and leave the AirPort on the outside.

Is the Stylus a PostScript printer? If not, you could use Ghostscript to
make it behave as one.

Current versions of the LaserWriter driver support printing over TCP/IP to
PostScript printers and Linux line printers.

>I have a rather bizarre network arrangement that I'd like to resolve.
>Currently, I have a NetBSD-mac68k box (Centris 610) serving as an ftp
>server, as well as the firewall for my home network.  I also have a
>printer, an Epson Stylus Color 1520 wide carriage with an ethernet card.
>It's on the internal network.  I also have an airport base station and an
>airport card in my G3 laptop.  For security reasons, the airport is on the
>outside network.  I'd like to be able to print from the airport.
>
>Since I have a pile of ethernet cards, this seems like it should be a
>fairly trivial exercise.  I'm planning to wire it as follows:
>
>
>outside
>    |
> _________
>|  BSD    |
>|  BOX    |    __________
>|_________|---| Int. Hub |--- Printer
>     |        |__________|--- Various machines
> ____|____
>| Airport |
>|_________|
>
>
>The problem is that the airport needs to look like it's on the OUTSIDE,
>i.e. it needs to fetch an outside DHCP address from the main DHCP server.
>So I need effectively transparent bridging to the outside for everything
>except appletalk packets.  I need DDP to be routed, but only between hosts
>on the Airport link and that ONE device (the printer), to prevent opening
>up a huge security hole.
>
>Any suggestions on how to set this up?  Is there a way to do this with
>netatalk, or does this call for CAP?  Can NetBSD even do that sort of
>bridging?
>
>
>Ideas?
>David
>
>---------------------------------------------------------------------
>                    Check out my weekly web comic:
>                     http://www.techmagazine.org