1 Scenario
Routing on a BAT is configured between 2 interfaces as follows:
Configuration on the BAT (starting from the default config):
set Setup/TCP-IP/Network-list/INTRANET 192.168.1.1 255.255.255.0 * BRG-1
set Setup/TCP-IP/Network-list/NET2 10.252.0.1 255.255.255.0 * BRG-2 * Intranet
set Setup/LAN-Bridge/Port-Data/LAN-1 * BRG-2
What we want to do:
Redirect specific IP broadcasts (selected by UDP port) from IP NET 1 to IP NET 2 and vice versa.
2 The IP redirect function
The BAT includes a Layer 2 firewall.
It makes it possible to redirect IP data.
However, it works as a firewall at the interface level. Enabling a single rule on an interface automatically turns the firewall on, and all traffic that is not defined in the rules is dropped (at the interface level).
That's why in our case we'll define 2 preliminary rules: one to allow IP traffic and another to allow ARP (these 2 rules are enough for IP communication to work properly).
Then 2 additional rules: 1 to redirect the specific broadcast from IP NET 1 to IP NET 2 (based on the UDP port), and 1 for the reverse direction.
3 Broadcasts to redirect
Define the traffic that has to be redirected by its UDP port. (Matching can also be based on a TCP port, but IP broadcasts usually don't use TCP as the transport layer protocol.)
In our case we'll redirect traffic using UDP port 666.
4 Configuration
4.1 Via LAN Config
Configuration
→ Wireless LAN
- Security
- Protocols
- Add
- Protocols
Add the 4 rules:
4.2 Via CLI
Set Setup/LAN-Bridge/Protocol-Table/IP * * 0800 * * * * * LAN-1,LAN-2 Pass
Set Setup/LAN-Bridge/Protocol-Table/ARP * * 0806 * * * * * LAN-1,LAN-2 Pass
Set Setup/LAN-Bridge/Protocol-Table/NET1_TO_NET2 * * 0800 * * 17 666 666 LAN-1 Redirect 192.168.1.255
Set Setup/LAN-Bridge/Protocol-Table/NET2_TO_NET1 * * 0800 * * 17 666 666 LAN-2 Redirect 10.252.0.255
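
A configuration check for the implicit-drop behaviour described in section 2, as an added example that is not part of the original article or of any vendor tooling: it parses Protocol-Table CLI lines and reports every interface that has a rule active but lacks an unrestricted Pass rule for IP (0800) or ARP (0806). The column positions are an assumption inferred from the four commands above.

```python
# Added example: audit LAN-Bridge Protocol-Table lines for missing IP/ARP Pass rules.
# Column positions are inferred from the CLI lines on this page (assumption).
PAGE_RULES = """\
Set Setup/LAN-Bridge/Protocol-Table/IP * * 0800 * * * * * LAN-1,LAN-2 Pass
Set Setup/LAN-Bridge/Protocol-Table/ARP * * 0806 * * * * * LAN-1,LAN-2 Pass
Set Setup/LAN-Bridge/Protocol-Table/NET1_TO_NET2 * * 0800 * * 17 666 666 LAN-1 Redirect 192.168.1.255
Set Setup/LAN-Bridge/Protocol-Table/NET2_TO_NET1 * * 0800 * * 17 666 666 LAN-2 Redirect 10.252.0.255
"""
REQUIRED = {"0800": "IP", "0806": "ARP"}  # EtherTypes that must pass on a filtered port

def parse_rules(text):
    """Turn 'Set .../Protocol-Table/<name> ...' lines into rule dicts."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 12 or tok[0].lower() != "set" or "/Protocol-Table/" not in tok[1]:
            continue  # not a protocol-table command
        rules.append({
            "name": tok[1].rsplit("/", 1)[1],
            "ethertype": tok[4].lower(),
            "ip_proto": tok[7],                # 17 = UDP, * = any
            "ports": (tok[8], tok[9]),         # start / end port
            "ifaces": set(tok[10].split(",")),
            "action": tok[11].lower(),
            "redirect": tok[12] if len(tok) > 12 else None,
        })
    return rules

def audit(rules):
    """Return {interface: [protocols without an unrestricted Pass rule]}."""
    findings = {}
    # Any interface named in a rule has the firewall switched on.
    for iface in sorted(set().union(*(r["ifaces"] for r in rules))):
        missing = [label for etype, label in REQUIRED.items()
                   if not any(r["action"] == "pass" and r["ethertype"] == etype
                              and r["ip_proto"] == "*" and r["ports"] == ("*", "*")
                              and iface in r["ifaces"] for r in rules)]
        if missing:
            findings[iface] = missing
    return findings

if __name__ == "__main__":
    print("page config:", audit(parse_rules(PAGE_RULES)) or "OK")
    # Constructed variant: the ARP rule was left out.
    broken = "\n".join(l for l in PAGE_RULES.splitlines() if "/ARP " not in l)
    print("without ARP rule:", audit(parse_rules(broken)))
```

An empty result means every filtered interface still passes IP and ARP; any interface listed would silently lose that traffic once the rules are applied.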