Sun Jul 8 09:15:08 EDT 2012

Sandboxing problem

I'm trying to set up a sandbox that needs a separate DHCP server and a
shielded (NATted) address space.  This is hosted on a guest network,
but the packets are transported raw over the trusted network.

This doesn't fit in the current firewall rules because it is a
security problem in general, though not in this case, because the
device that uses it is fully controlled.

What I really need is a separate gateway that allows only internet
access, and no access to any of the guest or private networks.