6.4.5.2. TransparentRouter

TransparentRouter does not modify the IP address and TCP/UDP port number requested by the client; the same parameters are used on the server side.

Figure 6.23. Using the TransparentRouter

Figure 6.24. Configuring TransparentRouter

Use client address as source

By default, Application-level Gateway uses its own IP address in the server-side connections: the server does not see the IP address of the original client. By selecting this option, Application-level Gateway mimics the original address of the client. Use this option if the server uses IP-based authentication, or the address of the client must appear in the server logs.

Note
This option was called Forge address in earlier versions of PNS.

Figure 6.25. Using the client address in server-side connections

Note
The IP address of the client is related to the source NAT (SNAT) policy used for the service: using SNAT automatically enables the Use client address as source option in the router.

Target address overridable by the proxy

If this option is selected and the data stream in the connection contains routing information, than the address specified in the data stream is used as the destination address of the server-side connection.

Example 6.5. Overriding the target port SQLNetProxy
The Oracle SQLNet protocol can request port redirection within the protocol. Configure a service using the SQLNetProxy and the Target address overridable by the proxy router option. When a client first connects to the Oracle server, the connection is established to the IP address and port selected by the router. However, the server can send a redirect request to the client, and the router has to reconnect to the port specified in the request of the Oracle server. This procedure is performed transparently to the client.

Example 6.5. Overriding the target port SQLNetProxy

The Oracle SQLNet protocol can request port redirection within the protocol. Configure a service using the SQLNetProxy and the Target address overridable by the proxy router option. When a client first connects to the Oracle server, the connection is established to the IP address and port selected by the router. However, the server can send a redirect request to the client, and the router has to reconnect to the port specified in the request of the Oracle server. This procedure is performed transparently to the client.

Note
The Target address overridable by the proxy option cannot be used with InbandRouter. This option was called Overridable in earlier versions of PNS.

Note

The Target address overridable by the proxy option cannot be used with InbandRouter.

This option was called Overridable in earlier versions of PNS.

Modify target port

Use the Modify target port option to connect to a different port of the server.

Figure 6.26. Using TransparentRouter with the Modify target port option

Modify source port

This option defines the source port that Application-level Gateway uses in the server-side connection. The following options are available:

Random port above 1024: Selected a random port between 1024 and 65535. This is the default behavior of every router.
Random port in the same group: Select a random port in the same group as the port used by the client. The following groups are defined: 0-513, 514-1024, 1025–.
Client port: Use the same port as the client.
Specified port: Use the port set in the spinbutton.

Figure 6.27. Modifying the source port

Note
This option was called Forge port in earlier versions of PNS.

Previous	Up	Next
	Home

Proxedo Network Security Suite 1.0 Administrator Guide

6.4.5. Routing — selecting routers and chainers

6.4.5.2. TransparentRouter

Use client address as source

Target address overridable by the proxy

Modify target port

Modify source port