Hirschmann BAT54-Rail - Virtual Routers

Hirschmann BAT54-Rail
548 pages
Routing and WAN connections, 11.7 Changes in other services (page 408)
BAT54-Rail/F.., Release 7.54, 06/08

- The rule HTTP-COMPANY forces all incoming HTTP connections arriving via the "INTERNET-BIZ" connection for the company network to be directed over the interface "COMPANY".
- Correspondingly, the rule HTTP-PRIV forces incoming HTTP packets arriving over the connection "INTERNET-HOME" to be forwarded to the interface "HOME".
- For outgoing connections, the rule INET-COMPANY forwards outgoing packets from the company network to the connection "INTERNET-BIZ".
- Similarly, the rule INET-PRIV forces the remote site "INTERNET-HOME" to be used for all packets which are received from the home network.

The networks for the connections INTERNET-BIZ and INTERNET-HOME are defined by entries in the routing table.

11.7.7 Virtual routers

With interface-dependent filtering in combination with policy-based routing, virtual routers can be defined for every interface.

Example:

Two separate IP networks are used by the Development and Sales departments. Both networks are connected to different switch ports although they use the same network '10.1.1.0/255.255.255.0'. Sales should be able to access the Internet only, whereas Development should also have access to a partner company's network ('192.168.1.0/255.255.255.0').

The result is the following routing table (where the Development dept. has tag 2, Sales has tag 1):

| IP address | IP netmask | Rtg tag | Peer or IP | Distance | Masquerading | Active |
|---|---|---|---|---|---|---|
| 192.168.1.0 | 255.255.255.0 | 2 | PARTNER | 0 | no | yes |
| 192.168.0.0 | 255.255.0.0 | 0 | 0.0.0.0 | 0 | no | yes |
| 255.255.255.255 | 0.0.0.0 | 2 | INTERNET | 2 | yes | yes |
| 255.255.255.255 | 0.0.0.0 | 1 | INTERNET | 2 | yes | yes |

If Development and Sales were in IP networks with different address ranges, then it would be no problem to assign the routing tags with firewall rules. Since both departments are in the same IP network, the only available method of assignment is with network names.
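
The following Python sketch is an added example, not taken from the manual or the device firmware. It models a tag-aware lookup over the routing table from this section to check the intended segmentation. The function name `lookup`, the matching rule (a route applies when its tag is 0 or equals the packet's tag, longest prefix wins) and the reading of peer 0.0.0.0 as a blocked route are assumptions of this simplified model.

```python
import ipaddress

# Routing table from this section: (IP address, netmask, routing tag, peer).
# 255.255.255.255 with netmask 0.0.0.0 is the table's entry for the default route.
ROUTES = [
    ("192.168.1.0", "255.255.255.0", 2, "PARTNER"),
    ("192.168.0.0", "255.255.0.0", 0, "0.0.0.0"),
    ("255.255.255.255", "0.0.0.0", 2, "INTERNET"),
    ("255.255.255.255", "0.0.0.0", 1, "INTERNET"),
]

# Routing tag per department, as stated in the text.
# On the device the tag follows from the network name, not the source address,
# because both departments use 10.1.1.0/255.255.255.0.
TAGS = {"DEVELOPMENT": 2, "SALES": 1}


def lookup(department, destination):
    """Return the peer chosen for a packet, or None if it is not forwarded."""
    tag = TAGS[department]
    dest = ipaddress.ip_address(destination)
    best = None  # (prefix length, peer) of the most specific usable route
    for addr, mask, route_tag, peer in ROUTES:
        net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        # Assumption: tag-0 routes apply to every packet, tagged routes
        # only to packets carrying the same tag.
        if dest in net and route_tag in (0, tag):
            if best is None or net.prefixlen > best[0]:
                best = (net.prefixlen, peer)
    # Assumption: peer 0.0.0.0 marks a blocked route (packet is dropped).
    if best is None or best[1] == "0.0.0.0":
        return None
    return best[1]


if __name__ == "__main__":
    # Constructed sample destinations: partner host, other private host, public host.
    for dept in TAGS:
        for dst in ("192.168.1.10", "192.168.2.1", "203.0.113.5"):
            print(f"{dept:12} -> {dst:13} via {lookup(dept, dst)}")
```

In this model the tag-0 entry for 192.168.0.0/255.255.0.0 is what keeps Sales traffic to the partner range from falling through to the masqueraded default route.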