Transparent Mode Internet Access - D-Link NetDefend DFL-210 User Manual

4.7.2. Enabling Internet Access
Chapter 4. Routing
The non-switch route usually needed to allow Internet access would be:
Route type Interface Destination Gateway
Non-switch if1 all-nets gw-ip
Now lets suppose the NetDefend Firewall is to operate in transparent mode between the users and
the ISP. The illustration below shows how, using switch routes, the NetDefend Firewall is set up to
be transparent between the internal physical Ethernet network (pn2) and the Ethernet network to the
ISP's gateway (pn1). The two Ethernet networks are treated as a single logical IP network in
Transparent Mode with a common address range (in this example 192.168.10.0/24).
Figure 4.14. Transparent Mode Internet Access
In this situation, any "normal" non-switch all-nets routes in the routing table should be removed and
replaced with an all-nets switch route (not doing this is a common mistake during setup). This
switch route will allow traffic from the local users on Ethernet network pn2 to find the ISP gateway.
These same users should also configure the Internet gateway on their local computers to be the ISPs
gateway address. In non-transparent mode the user's gateway IP would be the NetDefend Firewall's
IP address but in transparent mode the ISP's gateway is on the same logical IP network as the users
and will therefore be gw-ip.
NetDefendOS May Also Need Internet Access
The NetDefend Firewall also needs to find the public Internet if it is to perform NetDefendOS
functions such as DNS lookup, Web Content Filtering or Anti-Virus and IDP updating. To allow
this, individual "normal" non-switch routes need to be set up in the routing table for each IP address
specifying the interface which leads to the ISP and the ISPs gateway IP address.
If the IP addresses that need to be reached by NetDefendOS are 85.12.184.39 and 194.142.215.15
then the complete routing table for the above example would be:
182