Example: Passing IPX Packets Between Host A and Host C
Imagine you want to pass IPX packets between HOST A and HOST C in the figure below:
Figure C-1 Ether State Engine: Passing IPX Packets [NEW GFX NEEDED]
You have decided that the frame types used by these systems are 33079 & 33080 (hex 0x8137 and 0x8138).
-
Create and save new services using the ether state engine for each of these frame types. Create a service group (call it "ipx," for example) containing both of these services.
Note -The ether state engine takes a decimal value for type.
-
Pick an IP host on the qe2 interface and an IP host on the qe1 interface and create an address list called "qe1andqe2."
If you have defined interface objects for qe1 and qe2 (which you should do for anti-spoofing) these could be combined into a list called "qe1andqe2."
-
Define a rule:
Service: ipxSource: qe1andqe2Destination: qe1andqe2Action: normal
This rule passes all frames with the specified types between the qe1 and qe2 interfaces. That is, a frame from any host on the network attached to qe2 (Host B, for example) will get passed to the network attached to qe1, if the type matches.
Note that there is no logging with the ether state engine, even if LOG_DETAIL is in the rule--because all SunScreen logging starts at the IP layer and there is no IP layer here.
- © 2010, Oracle Corporation and/or its affiliates