D-Link DFL-260E User Manual for DFL-260E - Page 187
Access Rules, ordering, parameter
View all D-Link DFL-260E manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 187 highlights
4.3. Policy-based Routing Chapter 4. Routing exists which can catch anything not explicitly matched. 2. A search is now made for a routing rule that matches the packet's source/destination interface/network as well as service. If a matching rule is found then this determines the routing table to use. If no routing rule is found then the main table will be used. 3. Once the correct routing table has been located, a check is made to make sure that the source IP address in fact belongs on the receiving interface. The Access Rules are firstly examined to see if they can provide this check (see Section 6.1, "Access Rules" for more details of this feature). If there are no Access Rules or a match with the rules cannot be found, a reverse lookup in the previously selected routing table is done using the source IP address. If the check fails then a Default access rule log error message is generated. 4. At this point, using the routing table selected, the actual route lookup is done to find the packet's destination interface. At this point the ordering parameter is used to determine how the actual lookup is done and the options for this are described in the next section. To implement virtual systems, the Only ordering option should be used. 5. The connection is then subject to the normal IP rule set. If a SAT rule is encountered, address translation will be performed. The decision of which routing table to use is made before carrying out address translation but the actual route lookup is performed on the altered address. Note that the original route lookup to find the destination interface used for all rule look-ups was done with the original, untranslated address. 6. If allowed by the IP rule set, the new connection is opened in the NetDefendOS state table and the packet forwarded through this connection. The Ordering parameter Once the routing table for a new connection is chosen and that table is an alternate routing table, the Ordering parameter associated with the table is used to decide how the alternate table is combined with the main table to lookup the appropriate route. The three available options are: 1. Default The default behavior is to first look up the route in the main table. If no matching route is found, or the default route is found (the route with the destination all-nets), a lookup for a matching route in the alternate table is done. If no match is found in the alternate table then the default route in the main table will be used. 2. First This behavior is to first look up the connection's route in the alternate table. If no matching route is found there then the main table is used for the lookup. The default all-nets route will be counted as a match in the alternate table if it exists there. 3. Only This option ignores the existence of any other table except the alternate table so that is the only one used for the lookup. One application of this option is to give the administrator a way to dedicate a single routing table to one set of interfaces. The Only option should be used when creating virtual systems since it can dedicate a routing table to a set of interfaces. The first two options can be regarded as combining the alternate table with the main table and assigning one route if there is a match in both tables. 187