Configuring NetDefendOS requires setting up a 6in4 Tunnel object, with the object's properties
used in the following way:
• Remote Network
This is the IPv6 prefix used by the client hosts.
• IP Address
The inner IPv6 address of the endpoint local to this broker firewall. This address should not be
accessible by anything else. NetDefendOS will automatically create a route for it that has core
as the interface (in other words, a core route).
• Remote Endpoint
The IPv4 address of the connecting tunnel's remote Ethernet interface. This can also be a
DNS-resolvable address.
When acting as a server, a single 6in4 Tunnel object can accept a connection from only one
incoming tunnel. Separate tunnel objects must be configured for other incoming tunnels. ICMP
error messages must also be allowed when NetDefendOS acts as a server so that MTU sizes can
be correctly adjusted.
3.4.9. Loopback Interfaces
A Loopback Interface is a logical NetDefendOS interface that will take all traffic sent through it
and send it out through a second configured loopback interface. Loopback interfaces are
consequently always configured in pairs, with each referring to the other.
For example, suppose a pair of Loopback Interface objects called LB1 and LB2 is configured and
each is defined to be paired with the other. When traffic is sent through the LB1 interface, it is
simultaneously received on the LB2 interface with the transfer occurring virtually, entirely within
NetDefendOS. Similarly, when traffic is sent through LB2, it is received on LB1. This is exactly the
same as if the two interfaces were two physical Ethernet interfaces which are connected to each
other.
IPv6 can be used with a Loopback Interface
Loopback interfaces can be used with both IPv4 and IPv6 traffic. A Loopback Interface object
must always have an IPv4 address and network assigned to it. By turning on the Enable IPv6
property of a Loopback Interface object, an IPv6 address and network can also be defined, in
addition to the mandatory IPv4 information. The grouping of both IPv4 and IPv6 address
information in a Loopback Interface object does not imply any relationship between them. IPv6
loopback addresses are defined this way for configuration simplicity.
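The pairing and addressing rules above can be checked mechanically when reviewing a configuration. The following is an added example, not code from the NetDefendOS documentation: it audits loopback objects represented as Python dicts, and the key names (loop_to, ip4, net4, enable_ipv6, ip6, net6) and the sample values are assumptions made for illustration, not a NetDefendOS export format.

```python
import ipaddress

# Constructed sample: dicts standing in for Loopback Interface objects.
# Key names (loop_to, ip4, net4, enable_ipv6, ip6, net6) are hypothetical.
SAMPLE = {
    "LB1": {"loop_to": "LB2", "ip4": "10.255.0.1", "net4": "10.255.0.0/30"},
    "LB2": {"loop_to": "LB1", "ip4": "10.255.0.2", "net4": "10.255.0.0/30",
            "enable_ipv6": True, "ip6": "2001:db8:ff::2", "net6": "2001:db8:ff::/64"},
    "LB3": {"loop_to": "LB1", "ip4": "10.255.1.1", "net4": "10.255.1.0/30"},
    "LB4": {"loop_to": "LB4", "net4": "10.255.2.0/30",
            "ip6": "2001:db8:fe::1", "net6": "2001:db8:fe::/64"},
}


def _in_net(addr, net, version):
    """True when addr and net parse as the given IP version and addr is inside net."""
    try:
        a = ipaddress.ip_address(addr)
        n = ipaddress.ip_network(net, strict=True)
    except (ValueError, TypeError):
        return False
    return a.version == n.version == version and a in n


def audit_loopbacks(objs):
    """Return a sorted list of (name, problem) findings for the loopback objects."""
    findings = []
    for name, o in objs.items():
        peer = o.get("loop_to")
        if peer == name:
            findings.append((name, "paired with itself"))
        elif peer not in objs:
            findings.append((name, "peer is not a loopback interface"))
        elif objs[peer].get("loop_to") != name:
            findings.append((name, "peer does not refer back"))
        # IPv4 address and network are mandatory on every loopback object.
        if not _in_net(o.get("ip4"), o.get("net4"), 4):
            findings.append((name, "missing or invalid IPv4 address/network"))
        has_v6 = "ip6" in o or "net6" in o
        if o.get("enable_ipv6"):
            if not _in_net(o.get("ip6"), o.get("net6"), 6):
                findings.append((name, "IPv6 enabled but address/network invalid"))
        elif has_v6:
            findings.append((name, "IPv6 values set while Enable IPv6 is off"))
    return sorted(findings)
```

Calling audit_loopbacks(SAMPLE) reports nothing for the correctly paired LB1 and LB2, and flags LB3 (one-way pairing) and LB4 (self-pairing, no IPv4 address, IPv6 values without Enable IPv6).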
Loopback Interface Usage with Virtual Routing
Loopback interfaces are usually used with NetDefendOS Virtual Routing. In virtual routing, it is
possible to divide up a single NetDefend Firewall's operations so that it behaves as multiple
virtual firewalls. This is done by having multiple routing tables so that each table handles the
routing for one set of interfaces.
In virtual routing, the routing tables and their associated routes can be totally isolated from each
other so that related traffic flows are completely separate. However, if certain traffic needs to
flow between interfaces in separate routing tables, a loopback interface pair must be used (also
see Section 4.5, “Virtual Routing”).
Chapter 3: Fundamentals