Routing and WAN connections
11.6 Advanced Routing and Forwarding
BAT54-Rail/F.. Release 7.54 06/08
  - Default: Any
Note: Using bridge groups ('Assigning logical interfaces to bridge groups' → page 413) is an important aspect of network security. Many applications require an intranet to be valid for several logical interfaces, for example so that clients in the LAN and in the WLAN can communicate with one another easily, while only certain logical interfaces are reserved for the DMZ. By grouping certain logical interfaces (e.g. LAN-1 to LAN-3 and all WLANs) into a bridge group and assigning the intranet to this group, the network for the DMZ (LAN-4) can be kept separate from the intranet. Bridge groups are only available on devices with a WLAN module.
To bind several networks to one logical interface, add one entry per network (with different network names and different IP addresses or netmasks) and assign all of these entries to the same interface.
Note: Loopback addresses are not defined in the IP networks table, but in a separate table instead ('Named loopback addresses' → page 159). The routing tag defined at the same time controls which networks can "see" the loopback address.
• Source check
  This option determines how to react to a packet received over this interface.
  - Loose: All source addresses are accepted if the BAT Router itself is being addressed; no return route has to be available.
  - Strict: A return route has to be explicitly available; otherwise an IDS alarm is triggered.
• Interface tag
  All packets received at the interface are marked with this interface tag. This tag enables the separation of routes which are valid for this network even without explicit firewall rules. This tag also has an influence on the routes propagated by RIP and on the hosts and groups visible to the NetBIOS proxy. The interface tag also influences automatic VPN rule generation: If a routing tag is defined for a VPN route, then automatic VPN rules are only generated for IP networks with the same interface tag. The network type must also be set to 'Intranet'.
  - Values: 0 to 65,535
  - Default: 0
  - Particular values: 0 (untagged).
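
The following is an added example, not code from the manual or the device firmware: a simplified Python model of how the source check and the interface tag interact for a packet addressed to the router itself. The route table, the verdict strings and the visibility rule (a route is usable if its routing tag is 0 or equals the interface tag) are assumptions of this model.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Route:
    prefix: str  # destination network, CIDR notation
    tag: int     # routing tag, 0 = untagged

# Constructed sample routing table, not taken from the manual.
ROUTES = [
    Route("192.168.1.0/24", 0),  # intranet, untagged
    Route("10.1.0.0/16", 1),     # remote site, routing tag 1
    Route("172.16.4.0/24", 2),   # DMZ, routing tag 2
]

def return_route(src, interface_tag, routes=ROUTES):
    """Longest-prefix route back to src that is visible to interface_tag.

    Model assumption: a route is visible if its routing tag is 0
    (untagged) or equals the interface tag.
    """
    addr = ipaddress.ip_address(src)
    matches = [
        r for r in routes
        if r.tag in (0, interface_tag)
        and addr in ipaddress.ip_network(r.prefix)
    ]
    return max(matches, key=lambda r: ipaddress.ip_network(r.prefix).prefixlen,
               default=None)

def source_check(mode, src, interface_tag, routes=ROUTES):
    """Verdict for a packet addressed to the router itself."""
    if not 0 <= interface_tag <= 65535:
        raise ValueError("interface tag must be 0 to 65,535")
    if mode == "loose":
        return "accept"  # no return route required
    if mode == "strict":
        found = return_route(src, interface_tag, routes)
        return "accept" if found is not None else "ids-alarm"
    raise ValueError(f"unknown source check mode: {mode!r}")

if __name__ == "__main__":
    # Same source address, different modes and tags (constructed cases).
    for mode, src, tag in [("strict", "192.168.1.50", 2),
                           ("strict", "10.1.2.3", 2),
                           ("loose", "10.1.2.3", 2)]:
        print(mode, src, tag, "->", source_check(mode, src, tag))
```

In this model, a strict check on an interface tagged 2 raises an IDS alarm for a source that is only reachable through a route tagged 1, which is the separation the interface tag provides without an explicit firewall rule.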