Process Software MultiNet V5.0 Rev A-X, COMPAQ AlphaServer DS20E 666 MHz,
OpenVMS AXP V7.3-2

This machine has two ethernet interfaces, one of which has been disused for
a long time but is now being considered for connecting some wireless gear.

One of the reasons for doing this is to use MultiNet to isolate the wireless
bits of the network from the rest of the office LAN (thus hopefully minimising
the "leakage" should the wireless network be hacked). The sole purpose of
these wireless devices is to TELNET to the AlphaServer so putting a firewall
appliance in place would seem to offer little benefit, given that the
AlphaServer already has a spare ethernet port.

This then raises a couple of questions.

1. In general, for services handled by the MASTER_SERVER process, can the
services be configured to listen on one interface and not the other?
Or can we only set ACCEPT-NETS and REJECT-NETS ? To put the same
question another way, *will* these services automatically listen on both

2. Can the DNS server be configured to listen on one interface and not the
other? Can it be configured to restrict the type of queries from one
interface and not the other? E.g. from the "wireless" interface respond
only to queries for a specific domain name?

3. Will the NTP server listen and respond on both interfaces?

As an aside, is there any feel for how much CPU load the kernel-level packet
filter imposes on a system? I'm thinking we might like to experiment with
it if insufficient access control is provided via MU CONFIG/SERVER or other
services which don't use MASTER_SERVER.


Jeremy Begg

| VSM Software Services Pty. Ltd. |
| http://www.vsm.com.au/ |
| "OpenVMS Systems Management & Programming" |
| P.O.Box 402, Walkerville, | E-Mail: jeremy@vsm.com.au |
| South Australia 5081 | Phone: +61 8 8221 5188 |
|---------------------------| Mobile: 0414 422 947 |
| A.C.N. 068 409 156 | FAX: +61 8 8221 7199 |