D-Link DFL-1660 User Manual page 407

Network security firewall

Chapter 8. User Authentication

8.2.8. HTTP Authentication

six hexadecimal two character lower-case values separated by a hyphen ("-") character. For
example:

00-0c-19-f9-14-6f

IP Rules are Needed

HTTP authentication cannot operate unless a rule is added to the IP rule set to explicitly allow
authentication to take place. This is also true with HTTPS.

If we consider the example of a number of clients on the local network lannet who would like access
to the public Internet through the wan interface then the IP rule set would contain the following
rules:

| # | Action | Src Interface | Src Network   | Dest Interface | Dest Network | Service  |
|---|--------|---------------|---------------|----------------|--------------|----------|
| 1 | Allow  | lan           | lannet        | core           | lan_ip       | http-all |
| 2 | NAT    | lan           | trusted_users | wan            | all-nets     | http-all |
| 3 | NAT    | lan           | lannet        | wan            | all-nets     | dns-all  |

The first rule allows the authentication process to take place and assumes the client is trying to
access the lan_ip IP address, which is the IP address of the interface on the NetDefend Firewall
where the local network connects.

The second rule allows normal surfing activity but we cannot just use lannet as the source network
since the rule would trigger for any unauthenticated client from that network. Instead, the source
network is an administrator defined IP object called trusted_users which is the same network as
lannet but has additionally either the Authentication option No Defined Credentials enabled or has
an Authentication Group assigned to it (which is the same group as that assigned to the users).

The third rule allows DNS lookup of URLs.

Forcing Users to a Login Page

With this setup, when users that are not authenticated try to surf to any IP except lan_ip they will
fall through the rules and their packets will be dropped. To always have these users come to the
authentication page we must add a SAT rule and its associated Allow rule. The rule set will now look
like this:

| # | Action | Src Interface | Src Network   | Dest Interface | Dest Network | Service                       |
|---|--------|---------------|---------------|----------------|--------------|-------------------------------|
| 1 | Allow  | lan           | lannet        | core           | lan_ip       | http-all                      |
| 2 | NAT    | lan           | trusted_users | wan            | all-nets     | http-all                      |
| 3 | NAT    | lan           | lannet        | wan            | all-nets     | dns-all                       |
| 4 | SAT    | lan           | lannet        | wan            | all-nets     | http-all all-to-one 127.0.0.1 |
| 5 | Allow  | lan           | lannet        | wan            | all-nets     | http-all                      |

The SAT rule catches all unauthenticated requests and must be set up with an all-to-one address
mapping that directs them to the address 127.0.0.1 which corresponds to core (NetDefendOS itself).
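The two rule sets above, traced with a simplified first-match model. This is an added illustration, not code from the manual or from NetDefendOS. The `LAN_IP` value, the function names, the omission of the interface columns, and the modelling choice that a SAT match only records the translation while the search continues to the following Allow rule are assumptions of this example.

```python
# Simplified first-match model of the IP rule sets above (illustrative
# assumption, not NetDefendOS code). Every client is taken to arrive on the
# lan interface, so the interface columns are left out.
LAN_IP = "192.168.1.1"  # constructed value standing in for lan_ip

# (action, src_network, dest_network, service)
RULES_3 = [
    ("Allow", "lannet", "lan_ip", "http-all"),
    ("NAT", "trusted_users", "all-nets", "http-all"),
    ("NAT", "lannet", "all-nets", "dns-all"),
]
RULES_5 = RULES_3 + [
    ("SAT", "lannet", "all-nets", "http-all"),    # all-to-one -> 127.0.0.1
    ("Allow", "lannet", "all-nets", "http-all"),
]

def src_matches(network, authenticated):
    # trusted_users is lannet restricted to authenticated clients
    return authenticated if network == "trusted_users" else True

def dest_matches(network, dest_ip):
    return dest_ip == LAN_IP if network == "lan_ip" else True

def evaluate(rules, dest_ip, service, authenticated):
    """Return (decision, matching rule number, effective destination)."""
    effective_dest = dest_ip
    for number, (action, src, dst, svc) in enumerate(rules, start=1):
        if svc != service or not src_matches(src, authenticated):
            continue
        if not dest_matches(dst, dest_ip):
            continue
        if action == "SAT":
            effective_dest = "127.0.0.1"  # redirect to core, keep searching
            continue
        return action, number, effective_dest
    return "Drop", None, effective_dest  # fell through every rule

if __name__ == "__main__":
    site = "203.0.113.10"  # constructed public address
    for label, rules in (("3 rules", RULES_3), ("5 rules", RULES_5)):
        for auth in (False, True):
            print(label, "authenticated" if auth else "unauthenticated",
                  evaluate(rules, site, "http-all", auth))
```

The trace also shows why rule 2 has to sit above the SAT rule: an authenticated client matches the trusted_users NAT rule first and is never redirected to the login page.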


This manual is also suitable for: DFL-2560, DFL-2560G, DFL-260E, DFL-860E