Configuring NetDefendOS requires that a
6in4 Tunnel
object is set up with the object properties
being used in the following way:
•
Remote Network
This is the IPv6 prefix used by the client hosts.
•
IP Address
The inner IPv6 address of the endpoint local to this broker firewall. This address should not be
accessible by anything else. NetDefendOS will automatically create a route for it that has
core
as the interface (in other words, a
core route
).
•
Remote Endpoint
The IPv4 address of the connecting tunnel's remote Ethernet interface. This can also be a
DNS-resolvable address.
When acting as a server, a single
6in4 Tunnel
object can accept a connection from only one
incoming tunnel. Separate tunnel objects must be configured for other incoming tunnels. ICMP
error messages must also be allowed when NetDefendOS acts as a server so that MTU sizes can
be correctly adjusted.
3.4.9. Loopback Interfaces
A
Loopback Interface
is a logical NetDefendOS interface that will take all traffic sent through it
and send it out through a second configured loopback interface. Loopback interfaces are
consequently always configured in pairs, with each referring to the other.
For example, suppose a pair of
Loopback Interface
objects are configured called
LB1
and
LB2
and
each is defined to be paired with the other. When traffic is sent through the
LB1
interface, it is
simultaneously received on the
LB2
interface with the transfer occurring virtually, entirely within
NetDefendOS. Similarly, when traffic is sent through
LB2
, it is received on
LB1
. This is exactly the
same as if the two interfaces were two physical Ethernet interfaces which are connected to each
other.
IPv6 can be used with a Loopback Interface
Loopback interfaces can be used with both IPv4 and IPv6 traffic. A
Loopback Interface
object
must always have an IPv4 address and network assigned to it. By turning on the
Enable IPv6
property of a
Loopback Interface
object, an IPv6 address and network can also be defined, in
addition to the mandatory IPv4 information. The grouping of both IPv4 and IPv6 address
information in a
Loopback Interface
object does not imply any relationship between them. IPv6
loopback addresses are defined this way for configuration simplicity.
Loopback Interface Usage with Virtual Routing
Loopback interfaces are usually used with NetDefendOS
Virtual Routing
. In virtual routing, it is
possible to divide up a single NetDefend Firewall's operations so that it behaves as multiple
virtual firewalls. This is done by having multiple routing tables so that each table handles the
routing for one set of interfaces.
In virtual routing, the routing tables and their associated routes can be totally isolated from each
other so that related traffic flows are completely separate. However, if certain traffic needs to
flow between interfaces in separate routing tables, a loopback interface pair must be used (also
see
Section 4.5, “Virtual Routing”
).
Chapter 3: Fundamentals
213
Содержание NetDefendOS
Страница 30: ...Figure 1 3 Packet Flow Schematic Part III Chapter 1 NetDefendOS Overview 30 ...
Страница 32: ...Chapter 1 NetDefendOS Overview 32 ...
Страница 144: ...Chapter 2 Management and Maintenance 144 ...
Страница 220: ... Enable DHCP passthrough Enable L2 passthrough for non IP protocols 4 Click OK Chapter 3 Fundamentals 220 ...
Страница 267: ... SourceNetwork lannet DestinationInterface any DestinationNetwork all nets 4 Click OK Chapter 3 Fundamentals 267 ...
Страница 284: ...Chapter 3 Fundamentals 284 ...
Страница 360: ...The ospf command options are fully described in the separate NetDefendOS CLI Reference Guide Chapter 4 Routing 360 ...
Страница 392: ...Chapter 4 Routing 392 ...
Страница 396: ...Web Interface 1 Go to Network Ethernet If1 2 Select Enable DHCP 3 Click OK Chapter 5 DHCP Services 396 ...
Страница 419: ... Host 2001 DB8 1 MAC 00 90 12 13 14 15 5 Click OK Chapter 5 DHCP Services 419 ...
Страница 420: ...Chapter 5 DHCP Services 420 ...
Страница 424: ...2 Now enter Name lan_Access Action Expect Interface lan Network lannet 3 Click OK Chapter 6 Security Mechanisms 424 ...
Страница 573: ...Chapter 6 Security Mechanisms 573 ...
Страница 575: ...This section describes and provides examples of configuring NAT and SAT rules Chapter 7 Address Translation 575 ...
Страница 607: ...Chapter 7 Address Translation 607 ...
Страница 666: ...Chapter 8 User Authentication 666 ...
Страница 775: ...Chapter 9 VPN 775 ...
Страница 819: ...Chapter 10 Traffic Management 819 ...
Страница 842: ...Chapter 11 High Availability 842 ...
Страница 866: ...Default Enabled Chapter 13 Advanced Settings 866 ...
Страница 879: ...Chapter 13 Advanced Settings 879 ...