Enabling Internet Access; Transparent Mode Internet Access - D-Link DFL-1660 User Manual

4.7.2. Enabling Internet Access

• Define a static ARP table entry which maps the MAC address FF-FF-FF-FF-FF-FF to the IPv4
address 255.255.255.255.
• Configure DHCP relay to the DHCP server IP address 255.255.255.255.
4.7.2. Enabling Internet Access
A common misunderstanding when setting up Transparent Mode is how to correctly set up access to
the public Internet. Below is a typical scenario where a number of users on an IP network called
lannet access the Internet via an ISP's gateway with IP address gw-ip.
The non-switch route usually needed to allow Internet access would be:
Route type
Non-switch
Now lets suppose the NetDefend Firewall is to operate in transparent mode between the users and
the ISP. The illustration below shows how, using switch routes, the NetDefend Firewall is set up to
be transparent between the internal physical Ethernet network (pn2) and the Ethernet network to the
ISP's gateway (pn1). The two Ethernet networks are treated as a single logical IP network in
Transparent Mode with a common address range (in this example 192.168.10.0/24).
In this situation, any "normal" non-switch all-nets routes in the routing table should be removed and
replaced with an all-nets switch route (not doing this is a common mistake during setup). This
switch route will allow traffic from the local users on Ethernet network pn2 to find the ISP gateway.
These same users should also configure the Internet gateway on their local computers to be the ISPs
Figure 4.19. Non-transparent Mode Internet Access
Interface
if1
Figure 4.20. Transparent Mode Internet Access
Destination
all-nets
245
Chapter 4. Routing
Gateway
gw-ip