D-Link DFL-260E User Manual page 129
Network security firewall netdefendos version 2.40.00
Hide thumbs
Also See for DFL-260E:
- Reference manual (948 pages) ,
- Log reference manual (652 pages) ,
- User manual (552 pages)
Table of Contents
Advertisement
3.5.3. Creating ARP Objects
Web Interface
1.
Go to: Interfaces > ARP > Add > ARP
2.
Select the following from the dropdown lists:
•
Mode: Static
•
Interface: lan
3.
Enter the following:
•
IP Address: 192.168.10.15
•
MAC: 4b-86-f6-c5-a2-14
4.
Click OK
ARP Publish
NetDefendOS supports publishing IP addresses on a particular interface, optionally along with a
specific MAC address instead of the interface's MAC address. NetDefendOS will then send out
these as ARP replies for any ARP requests received on the interface for the published IP addresses.
This can done for a number of reasons:
•
To give the impression that an interface in NetDefendOS has more than one IP address.
This is useful if there are several separate IP spans on a single LAN. The hosts on each IP span
may then use a gateway in their own span when these gateway addresses are published on the
corresponding NetDefendOS interface.
•
Another use is publishing multiple addresses on an external interface, enabling NetDefendOS to
statically address translate traffic to these addresses and send it onwards to internal servers with
private IPv4 addresses.
•
A less common purpose is to aid nearby network equipment responding to ARP in an incorrect
manner.
Publishing Modes
There are two publishing modes available when publishing a MAC/IP address pair:
•
Publish
•
XPublish
In both cases, an IP address and an associated MAC address are specified. If the MAC address is not
specified (is all zeroes) then the MAC address of the sending physical interface is used.
To understand the difference between Publish and XPublish it is necessary to understand that when
NetDefendOS responds to an ARP query, there are two MAC addresses in the Ethernet frame sent
back with the ARP response:
1.
The MAC address in the Ethernet frame of the Ethernet interface sending the response.
2.
The MAC address in the ARP response which is contained within this frame. This is usually
the same as (1) the source MAC address in the Ethernet frame but does not have to be.
129
Chapter 3. Fundamentals
Advertisement
Table of Contents
Troubleshooting
