AutoDefaultGatewayRoute: Yes
ReceiveMulticastTraffic: Auto
MemberOfRoutingTable: All
Comments: <empty>
The typical output from this will be similar to the following:
Setting the default gateway on the interface has the additional effect that cOS Core
automatically creates a route in the default main routing table that has the network all-nets
routed on the interface. This means that we do not need to explicitly create this route.
Even though an all-nets route is automatically added, no traffic can flow without the addition of
an IP rule which explicitly allows it. Let us assume we want to allow web browsing
from the protected network G1_net on the interface. A simple rule to do this would have the
rule's Action property set to the value Allow and is defined with the command given below.
The IP rule set main always exists by default and is a top level CLI context. Add an IP rule called
lan_to_wan to allow the traffic through to the public Internet:
Device:/> add IPRule Action=Allow
              SourceInterface=G1
              SourceNetwork=InterfaceAddresses/G1_net
              DestinationInterface=G2
              DestinationNetwork=all-nets
              Service=http
              Name=lan_to_wan
This IP rule would be correct if the internal network hosts have public IPv4 addresses but in most
scenarios this will not be true and internal hosts will have private IPv4 addresses. In that case, we
must use NAT to send out traffic so that the apparent source IP address is the IP of the interface
connected to the ISP. To do this we simply change the Action property in the above command
from a value of Allow to a value of NAT:
Device:/main> add IPRule Action=NAT
              SourceInterface=G1
              SourceNetwork=InterfaceAddresses/G1_net
              DestinationInterface=G2
              DestinationNetwork=all-nets
              Service=http
              Name=lan_to_wan
The service used in the IP rule is http which will allow most web browsing but does not include
the DNS protocol to resolve URLs into IP addresses. To solve this problem, a custom service could
be used in the above rule which combines http with the dns-all service. However, the
recommended method which provides the most clarity to a configuration is to create a separate
IP rule for DNS:
Device:/main> add IPRule Action=NAT
              SourceInterface=G1
              SourceNetwork=InterfaceAddresses/G1_net
              DestinationInterface=G2
              DestinationNetwork=all-nets
              Service=dns-all
              Name=lan_to_wan_dns
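The two pitfalls described above (an Allow rule for hosts with private IPv4 addresses, and an http rule with no accompanying DNS rule) can be checked mechanically when reviewing a rule set. The following Python script is an added example, not part of cOS Core or of the original guide; the address behind G1_net and the helper names parse_rule, path and audit are assumptions made for illustration.

```python
import ipaddress

# Constructed address book: the page never gives the address behind this
# object, so the value here is an assumption chosen for illustration.
ADDRESS_BOOK = {"InterfaceAddresses/G1_net": "192.168.1.0/24"}

def parse_rule(command):
    """Turn an 'add IPRule Key=Value ...' command into a dict of properties."""
    tokens = command.split()
    start = tokens.index("IPRule") + 1  # skip prompt, 'add' and the object type
    return dict(tok.split("=", 1) for tok in tokens[start:])

def path(rule):
    """Source interface/network and exit interface identify a traffic path."""
    return (rule["SourceInterface"], rule["SourceNetwork"],
            rule["DestinationInterface"])

def audit(commands, address_book=ADDRESS_BOOK):
    """Return findings for the two pitfalls the text describes."""
    rules = [parse_rule(c) for c in commands]
    findings = []
    dns_paths = {path(r) for r in rules if r["Service"] == "dns-all"}
    for r in rules:
        src = ipaddress.ip_network(address_book[r["SourceNetwork"]])
        # Private sources leaving towards all-nets need NAT, not Allow.
        if (r["Action"] == "Allow" and src.is_private
                and r["DestinationNetwork"] == "all-nets"):
            findings.append(f"{r['Name']}: private source {src} needs Action=NAT")
        # Web browsing also needs a dns-all rule for the same path.
        if r["Service"] == "http" and path(r) not in dns_paths:
            findings.append(f"{r['Name']}: no dns-all rule for this path")
    return findings

# Constructed input: the page's rule commands joined onto single lines.
ALLOW_ONLY = ["Device:/> add IPRule Action=Allow SourceInterface=G1 "
              "SourceNetwork=InterfaceAddresses/G1_net DestinationInterface=G2 "
              "DestinationNetwork=all-nets Service=http Name=lan_to_wan"]
NAT_WITH_DNS = [ALLOW_ONLY[0].replace("Action=Allow", "Action=NAT"),
                ALLOW_ONLY[0].replace("Action=Allow", "Action=NAT")
                             .replace("Service=http", "Service=dns-all")
                             .replace("Name=lan_to_wan", "Name=lan_to_wan_dns")]

if __name__ == "__main__":
    for label, cmds in (("Allow only", ALLOW_ONLY), ("NAT + DNS", NAT_WITH_DNS)):
        print(label, "->", audit(cmds) or "no findings")
```
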
It is recommended that at least one DNS server is also defined in cOS Core. This DNS server or
servers (a maximum of three can be configured) will be used when cOS Core itself needs to
resolve URLs which will be the case when a URL is specified in a configuration instead of an IP
address. If we assume an IP address object called dns1_address has already been defined for the
first DNS server, the command to specify the first DNS server is:
Device:/> set DNS DNSServer1=dns1_address
Chapter 4: cOS Core Configuration