Figure 4.13. Transparent Mode Internet Access
In this situation, any "normal" non-switch all-nets routes in the routing table should be removed and
replaced with an all-nets switch route (not doing this is a common mistake during setup). This
switch route will allow traffic from the local users on Ethernet network pn2 to find the ISP gateway.
These same users should also configure the Internet gateway on their local computers to be the ISPs
gateway address. In non-transparent mode the user's gateway IP would be the D-Link Firewall's IP
address but in transparent mode the ISP's gateway is on the same logical IP network as the users and
will therefore be gw-ip.
NetDefendOS May Also Need Internet Access
The D-Link Firewall also needs to find the public Internet if it is to perform NetDefendOS functions
such as DNS lookup, Web Content Filtering or Anti-Virus and IDP updating. To allow this,
individual "normal" non-switch routes need to be set up in the routing table for each IP address
specifying the interface which leads to the ISP and the ISPs gateway IP address.
If the IP addresses that need to be reached by NetDefendOS are 85.12.184.39 and 194.142.215.15
then the complete routing table for the above example would be:
Route type
Interface
Destination
Gateway
Switch
if1
all-nets
Switch
if2
all-nets
Non-switch
if1
85.12.184.39
gw-ip
Non-switch
if1
194.142.215.15
gw-ip
The appropriate IP rules will also need to be added to the IP rule set to allow Internet access through
the D-Link Firewall.
Grouping IP Addresses
It can be quicker when dealing with many IP addresses to group all the addresses into a single group
IP object and then use that object in a single defined route. In the above example, 85.12.184.39 and
194.142.215.15 could be grouped into a single object in this way.
Using NAT
NAT should not be enabled for NetDefendOS in Transparent Mode since, as explained previously,
the D-Link Firewall is acting like a level 2 switch and address translation is done at the higher IP
OSI layer.
The other consequence of not using NAT is that IP addresses of users accessing the Internet usually
4.7.2. Enabling Internet Access
Chapter 4. Routing
172
Содержание 800 - DFL 800 - Security Appliance
Страница 24: ...1 3 NetDefendOS State Engine Packet Flow Chapter 1 NetDefendOS Overview 24 ...
Страница 69: ...2 6 4 Restore to Factory Defaults Chapter 2 Management and Maintenance 69 ...
Страница 121: ...3 9 DNS Chapter 3 Fundamentals 121 ...
Страница 166: ...interfaces without an overriding IGMP Setting Default 1 000 4 6 4 Advanced IGMP Settings Chapter 4 Routing 166 ...
Страница 181: ...4 7 5 Advanced Settings for Transparent Mode Chapter 4 Routing 181 ...
Страница 192: ...5 5 IP Pools Chapter 5 DHCP Services 192 ...
Страница 282: ...6 7 Blacklisting Hosts and Networks Chapter 6 Security Mechanisms 282 ...
Страница 300: ...mechanism 7 3 7 SAT and FwdFast Rules Chapter 7 Address Translation 300 ...
Страница 301: ...7 3 7 SAT and FwdFast Rules Chapter 7 Address Translation 301 ...
Страница 303: ... Changed on a regular basis such as every three months 8 1 Overview Chapter 8 User Authentication 303 ...
Страница 318: ...8 3 Customizing HTML Pages Chapter 8 User Authentication 318 ...
Страница 322: ...ALG 9 1 5 The TLS Alternative for VPN Chapter 9 VPN 322 ...
Страница 377: ...Management Interface Failure with VPN Chapter 9 VPN 377 ...
Страница 408: ...10 4 6 SLB_SAT Rules Chapter 10 Traffic Management 408 ...
Страница 419: ...11 5 HA Advanced Settings Chapter 11 High Availability 419 ...
Страница 426: ...12 3 5 Limitations Chapter 12 ZoneDefense 426 ...
Страница 449: ...13 9 Miscellaneous Settings Chapter 13 Advanced Settings 449 ...