the core interface (which are routes to NetDefendOS itself).
4. Click OK
Routing Rules can use IPv4 or IPv6 Addresses
Routing rules support either IPv4 or IPv6 addresses as the source and destination network for a
rule's filtering properties.
However, both the source and destination network must be either IPv4 or IPv6. It is not permissible
to combine IPv4 and IPv6 addresses in a single rule. For further discussion of this topic, see
Section 3.2, “IPv6 Support”.
The Forward and Return Routing Table can be Different
In most cases, the routing table for forward and return traffic will be the same. In some cases it can
be advantageous to have different values.
Take the example of a firewall with two hypothetical interfaces wan1 and wan2 connected to two
ISPs plus a protected network lannet on the lan interface. There are two routing tables, the main
routing table and an isp2 routing table which look like the following:
The main routing table
Index #  Interface  Network   Gateway
1        lan        lannet
2        wan1       all_nets  isp1_ip
The isp2 routing table
Index #  Interface  Destination  Gateway
1        wan2       all_nets     isp2_ip
If traffic coming through wan2 is to have access to lannet then a routing rule needs to be constructed as
follows:
Source Interface  Source Network  Destination Interface  Destination Network  Forward Routing Table  Return Routing Table
wan2              all-nets        any                    lannet               main                   isp2
This rule allows the forward traffic through the wan2 table to find the route for lannet in the main
routing table. The return traffic will use the isp2 table so it can reach the initiator of the connection.
This example should also have some address translation rules since lannet will probably be a private
IP network. For simplicity, that has been omitted.
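A simplified Python model of the two tables and the routing rule above, added here as an illustration and not NetDefendOS code. It shows which interface the forward and the return traffic leave by, and why the return table has to be isp2. The lannet prefix and the client address are constructed values, and falling back to main when no rule matches is an assumption.

```python
import ipaddress

# Constructed sample prefix for lannet (not from the manual).
LANNET = ipaddress.ip_network("192.168.1.0/24")
ALL_NETS = ipaddress.ip_network("0.0.0.0/0")

# The two routing tables from the text: (interface, network, gateway).
TABLES = {
    "main": [("lan", LANNET, None), ("wan1", ALL_NETS, "isp1_ip")],
    "isp2": [("wan2", ALL_NETS, "isp2_ip")],
}

# The routing rule from the text.
RULES = [{"src_if": "wan2", "src_net": ALL_NETS, "dst_if": "any",
          "dst_net": LANNET, "forward": "main", "return": "isp2"}]


def lookup(table, dst):
    """Longest-prefix match in one table; returns (interface, gateway) or None."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in TABLES[table] if addr in r[1]]
    if not hits:
        return None
    iface, _, gw = max(hits, key=lambda r: r[1].prefixlen)
    return iface, gw


def select_tables(src_if, src, dst):
    """Return (forward_table, return_table) for a new connection."""
    # The destination interface is resolved in main before rules are matched.
    dst_route = lookup("main", dst)
    dst_if = dst_route[0] if dst_route else None
    for rule in RULES:
        if (rule["src_if"] == src_if
                and ipaddress.ip_address(src) in rule["src_net"]
                and rule["dst_if"] in ("any", dst_if)
                and ipaddress.ip_address(dst) in rule["dst_net"]):
            return rule["forward"], rule["return"]
    return "main", "main"  # assumption: no matching rule means main is used


def route_connection(src_if, src, dst):
    """Egress (interface, gateway) for the forward and the return direction."""
    fwd, ret = select_tables(src_if, src, dst)
    return lookup(fwd, dst), lookup(ret, src)
```

With the rule in place, a connection arriving on wan2 is answered through wan2 and isp2_ip. Looking up the same client address in main instead returns wan1, so replies would leave through the other ISP.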
The Routing Table Selection Process
When a packet corresponding to a new connection first arrives, the processing steps are as follows
to determine which routing table is chosen:
1. The routing rules are looked up first, but to do this the packet's destination interface must be
determined, and this is always done by a lookup in the main routing table. It is therefore
important that a match for the destination network is found or at least a default all-nets route
4.3. Policy-based Routing Chapter 4. Routing