Network Routing


Overview

The firewall is not a router. You need a router hardware unit, or a switch that has router capabilities, in order to configure routing.

Routing directs the flow of packets through a network. A default route specifies to which router packets are sent when the address is not known. If the computer itself does not contain a login account for the user, the computer sends the message to its default gateway router which stores paths through the network known as routes.

If the gateway router does not have the route to the user in its storage, the message is passed to another router which knows routes from the larger network. If it is not found, it is sent to another router with a still larger view of the network. This process is repeated ad infinitum with the message sent from one router to another until the message is sent to the correct destination.


Configuration

  1. Connect a computer to the console port of the router that connects to the outside interface of the firewall and open up a HyperTerminal session.

  2. Access configuration mode by running configure terminal.

  3. Clear the ARP cache by running clear arp.

  4. Set the default route to the inside interface of the firewall with the following command:

    ip route pix_inside_interface_ip_address

  5. Verify the firewall interface is listed as the "gateway of last resort" by running show ip route

  6. Clear the ARP cache using clear arp, then exit by entering <Ctrl>-Z.

  7. If you changed the default route, use the write memory command to store the new configuration in Flash memory.

  8. Run clear arp to make the new default gateway usable by the router.

  9. Set a default route for each host.

    To view the contents of the current routing table, run netstat -r.

    Kernel IP routing table
    Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
    10.0.0.0        *               255.255.255.0   U         0 0          0 eth0
    loopback        *               255.0.0.0       U         0 0          0 lo
    default         10.0.0.1        0.0.0.0         UG        0 0          0 eth0
    

    To set the default route, login as root and run:

    route add default gw IP_address_of_next_host