6.4.5.3. DirectedRouter

DirectedRouter directs all connections to fixed addresses, regardless of the address requested by the client.

Figure 6.32. Using the DirectedRouter

Figure 6.33. Configuring DirectedRouter

To add a destination address, click New, and enter the IP address and the port number of the server to connect to. If you set additional addresses, and the first address is unreachable, Zorp tries to connect to the next server. It is also possible to connect to the listed destinations in a round-robin fashion; see Section 6.4.5.7, RoundRobinChainer for details.

Tip

Use DirectedRouter for servers publicly available in the DMZ. That way outsiders do not know the real IP addresses of the servers — the servers are not even required to have public, routable IP addresses.

DirectedRouter has the following options:

Use client address as source

By default, Zorp uses its own IP address in the server-side connections: the server does not see the IP address of the original client. By selecting this option, Zorp mimics the original address of the client. Use this option if the server uses IP-based authentication, or the address of the client must appear in the server logs.

Note

This option was called Forge address in earlier versions of Zorp.

Figure 6.34. Using the client address in server-side connections

Note

The IP address of the client is related to the source NAT (SNAT) policy used for the service: using SNAT automatically enables the Use client address as source option in the router.

Target address overridable by the proxy

If this option is selected and the data stream in the connection contains routing information, then the address specified in the data stream is used as the destination address of the server-side connection.

Example 6.6. Overriding the target port with SQLNetProxy

The Oracle SQLNet protocol can request port redirection within the protocol. Configure a service using the SQLNetProxy and the Target address overridable by the proxy router option. When a client first connects to the Oracle server, the connection is established to the IP address and the port selected by the router. However, the server can send a redirect request to the client, and the router has to reconnect to the port specified in the request of the Oracle server. This procedure is performed transparently to the client.

Note

The Target address overridable by the proxy option cannot be used with InbandRouter.

This option was called Overridable in earlier versions of Zorp.

Modify source port

This option defines the source port that Zorp uses in the server-side connection. The following options are available:

  • Random port above 1024: Select a random port between 1024 and 65535. This is the default behavior of every router.

  • Random port in the same group: Select a random port in the same group as the port used by the client. The following groups are defined: 0-513, 514-1024, and 1025 and above.

  • Client port: Use the same port as the client.

  • Specified port: Use the port set in the spinbutton.

Note

This option was called Forge port in earlier versions of Zorp.
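
The following Python model is an added illustration, not Zorp code or Zorp policy syntax: it shows how the options in this section combine to determine the source and destination of the server-side connection. The names RouterConfig, route, source_port_range and ZORP_ADDRESS, and all addresses, are hypothetical; a reachable() callback stands in for the real connection attempt.

```python
import random
from dataclasses import dataclass

ZORP_ADDRESS = "192.0.2.1"  # hypothetical address of the firewall itself
# Port groups as listed above; the open-ended last group is capped at 65535.
PORT_GROUPS = [(0, 513), (514, 1024), (1025, 65535)]

@dataclass
class RouterConfig:                  # hypothetical model of the dialog's options
    destinations: list               # [(ip, port), ...] in configured order
    use_client_address: bool = False
    overridable: bool = False        # "Target address overridable by the proxy"
    port_mode: str = "random"        # "random", "group", "client" or "specified"
    specified_port: int = 0

def source_port_range(cfg, client_port):
    """Inclusive (low, high) range the server-side source port is drawn from."""
    if cfg.port_mode == "random":
        return (1024, 65535)
    if cfg.port_mode == "group":
        return next(g for g in PORT_GROUPS if g[0] <= client_port <= g[1])
    if cfg.port_mode == "client":
        return (client_port, client_port)
    if cfg.port_mode == "specified":
        return (cfg.specified_port, cfg.specified_port)
    raise ValueError(f"unknown port mode: {cfg.port_mode}")

def route(cfg, client, requested, reachable, proxy_target=None):
    """Return the (source, destination) pair of the server-side connection.

    client and requested are (ip, port) tuples; reachable(dest) -> bool stands
    in for a connection attempt; proxy_target is an in-band redirect, if any.
    """
    # `requested` is deliberately ignored: the router never uses it.
    if cfg.overridable and proxy_target is not None:
        candidates = [proxy_target]
    else:
        candidates = cfg.destinations
    dest = next((d for d in candidates if reachable(d)), None)
    if dest is None:
        raise ConnectionError("no destination reachable")
    low, high = source_port_range(cfg, client[1])
    src_ip = client[0] if cfg.use_client_address else ZORP_ADDRESS
    return (src_ip, random.randint(low, high)), dest

if __name__ == "__main__":
    cfg = RouterConfig([("10.0.0.10", 80), ("10.0.0.11", 80)], port_mode="group")
    first_down = lambda d: d != ("10.0.0.10", 80)   # constructed outage
    print(route(cfg, ("203.0.113.7", 700), ("198.51.100.5", 80), first_down))
```

Because the model returns the client's address as the source whenever use_client_address is set, it also makes visible what a server relying on IP-based authentication would see in each configuration.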