D-Link DFL-260E User Manual for DFL-260E - Page 186
Routing Rules can use IPv4 or IPv6 Addresses, The Forward and Return Routing Table can be Different
4.3. Policy-based Routing    Chapter 4. Routing

the core interface (which are routes to NetDefendOS itself).

4. Click OK

Routing Rules can use IPv4 or IPv6 Addresses

Routing rules support either IPv4 or IPv6 addresses as the source and destination network for a rule's filtering properties. However, both the source and destination network must be either IPv4 or IPv6. It is not permissible to combine IPv4 and IPv6 addresses in a single rule. For further discussion of this topic, see Section 3.2, "IPv6 Support".

The Forward and Return Routing Table can be Different

In most cases, the routing table for forward and return traffic will be the same. In some cases it can be advantageous to have different values.

Take the example of a firewall with two hypothetical interfaces wan1 and wan2 connected to two ISPs plus a protected network lannet on the lan interface. There are two routing tables, the main routing table and an isp2 routing table which look like the following:

The main routing table

Index #   Interface   Network    Gateway
1         lan         lannet
2         wan1        all_nets   isp1_ip

The isp2 routing table

Index #   Interface   Destination   Gateway
1         wan2        all_nets      isp2_ip

If traffic coming through wan2 is to have access to lannet then a routing rule needs to be constructed as follows:

Source Interface:       wan2
Source Network:         all-nets
Destination Interface:  any
Destination Network:    lannet
Forward Routing Table:  main
Return Routing Table:   isp2

This rule allows the forward traffic through the wan2 table to find the route for lannet in the main routing table. The return traffic will use the isp2 table so it can reach the initiator of the connection.

This example should also have some address translation rules since lannet will probably be a private IP network. For simplicity, that has been omitted.

The Routing Table Selection Process

When a packet corresponding to a new connection first arrives, the processing steps are as follows to determine which routing table is chosen:

1. The routing rules are looked up first, but to do this the packet's destination interface must be determined, and this is always done by a lookup in the main routing table. It is therefore important that a match for the destination network is found or at least a default all-nets route
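
The wan2 routing rule and the first selection step above, modelled in Python as an added example (not NetDefendOS code and not part of the manual). The lannet prefix and the client address are constructed, and most-specific-route matching and the fall-back to main when no rule matches are assumptions of this model.

```python
import ipaddress as ip

# Constructed addresses (assumption): the manual names lannet only symbolically.
LANNET = ip.ip_network("192.168.1.0/24")
ALL_NETS = ip.ip_network("0.0.0.0/0")

# Routing tables from the page: (interface, network, gateway)
TABLES = {
    "main": [("lan", LANNET, None), ("wan1", ALL_NETS, "isp1_ip")],
    "isp2": [("wan2", ALL_NETS, "isp2_ip")],
}

# The routing rule from the page.
RULES = [{
    "src_if": "wan2", "src_net": ALL_NETS,
    "dst_if": "any", "dst_net": LANNET,
    "forward": "main", "return": "isp2",
}]

def lookup(table, addr):
    """Most specific matching route in the named table, or None."""
    hits = [r for r in TABLES[table] if addr in r[1]]
    return max(hits, key=lambda r: r[1].prefixlen, default=None)

def select_tables(src_if, src, dst, rules=RULES):
    """Return (forward_table, return_table) for a new connection."""
    # Step 1 on the page: the destination interface always comes from main.
    route = lookup("main", dst)
    if route is None:
        return None  # no match in main, not even a default route
    dst_if = route[0]
    for r in rules:
        if (r["src_if"] == src_if and src in r["src_net"]
                and r["dst_if"] in ("any", dst_if) and dst in r["dst_net"]):
            return r["forward"], r["return"]
    return "main", "main"  # assumption: no rule matched, main is used both ways

def trace(src_if, src, dst, rules=RULES):
    """Egress (interface, gateway) for the forward and the return direction."""
    tables = select_tables(src_if, ip.ip_address(src), ip.ip_address(dst), rules)
    if tables is None:
        return None
    fwd = lookup(tables[0], ip.ip_address(dst))
    ret = lookup(tables[1], ip.ip_address(src))
    return (fwd[0], fwd[2]), (ret[0], ret[2])
```

Calling `trace("wan2", "203.0.113.7", "192.168.1.10")` with and without the rule shows the difference: without it, replies to a connection that arrived on wan2 leave through wan1 via isp1_ip.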