D-Link NetDefendOS User Manual page 291

traditional routing table lookups, and is one reason for the high forwarding performance of
NetDefendOS.
If an established connection cannot be found, then the routing table is consulted. It is important
to understand that the route lookup is performed before any of the various policy rules get
evaluated (for example, IP rules). Consequently, the destination interface is known at the time
NetDefendOS decides if the connection should be allowed or dropped. This design allows for a
more fine-grained control in security policies.
NetDefendOS Route Notation
NetDefendOS uses a slightly different way of describing routes compared to most other systems
but this way is easier to understand, making errors less likely.
Many other products do not use the specific interface in the routing table, but specify the IP
address of the interface instead. The routing table below, is from a Microsoft Windows XP
workstation:
====================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 13 d4 51 8d dd ...... Intel(R) PRO/1000 CT Network
0x20004 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
===================================================================
===================================================================
Active Routes:
Network Destination
0.0.0.0
10.0.0.0
10.4.2.143
10.255.255.255
85.11.194.33
127.0.0.0
192.168.0.0
192.168.0.10
192.168.0.255
224.0.0.0
224.0.0.0
255.255.255.255
255.255.255.255
Default Gateway:
===================================================================
Persistent Routes:
None
The corresponding routing table in NetDefendOS will be similar to the following:
Flags Network
----- ------------------ -------- -------------- --------- ------
192.168.0.0/24
10.0.0.0/8
0.0.0.0/0
NetDefendOS Route Definition Advantages
The NetDefendOS method of defining routes makes the reading and understanding of routing
information easier.
A further advantage with the NetDefendOS approach is that the administrator can directly
specify a gateway for a particular route and the following is true:
Netmask
0.0.0.0 192.168.0.1 192.168.0.10
255.0.0.0 10.4.2.143
255.255.255.255
255.255.255.255 10.4.2.143
255.255.255.255 192.168.0.1 192.168.0.10
255.0.0.0
255.255.255.0 192.168.0.10 192.168.0.10
255.255.255.255
255.255.255.255 192.168.0.10 192.168.0.10
240.0.0.0 10.4.2.143
240.0.0.0 192.168.0.10 192.168.0.10
255.255.255.255 10.4.2.143
255.255.255.255 192.168.0.10 192.168.0.10
192.168.0.1
Iface Gateway
lan
wan
wan 192.168.0.1
291
Gateway Interface Metric
10.4.2.143
127.0.0.1 127.0.0.1
10.4.2.143
127.0.0.1 127.0.0.1
127.0.0.1 127.0.0.1
10.4.2.143
10.4.2.143
Local IP
Chapter 4: Routing
20
1
50
50
20
1
20
20
20
50
20
1
1
Metric
20
1
20