H.6 Applying Static Routing Rules On Network Interfaces For Audit Vault Server And Database Firewall

Use this procedure to apply static routing rules on network interfaces for Audit Vault Server and Database Firewall.

The default configuration for a secondary network interface is to route to the directly connected subnet only. As the root user, execute the steps below to add routes to other networks.

The Audit Vault Server has network interface devices with the name ethN. The Database Firewall has a bridge device with the name brN, or a regular network interface device with the name ethN.

Note:

eth1 is the network interface in the example below. Replace it with the actual device name.

  1. Create the template include directory if it does not exist. Execute:

    install -m 0755 -d /usr/local/dbfw/templates/include

  2. Create a routing file after-route-eth1 if it does not exist. Execute:

    touch /usr/local/dbfw/templates/include/after-route-eth1

  3. Ensure the file is writable only by the root user. Execute:

    chown root:root /usr/local/dbfw/templates/include/after-route-eth1

    chmod 444 /usr/local/dbfw/templates/include/after-route-eth1

  4. Add your static route. Add a line similar to the following to after-route-eth1. Replace the values with those from your network.

    198.51.100.0/24 via 192.0.2.100 dev eth1

    In this example:

    • eth1 is the appliance's interface, which is directly connected to the 192.0.2.0/24 network.

    • 198.51.100.0/24 is the remote network. The appliance directs traffic to it through the gateway.

    • 192.0.2.100 is the gateway's address on the directly connected 192.0.2.0/24 network.

    • Ensure your network administrator configures the gateway to route packets in both directions between the 192.0.2.0/24 and 198.51.100.0/24 networks.

  5. Save the file.
  6. Execute the network configuration utility:

    /usr/local/dbfw/bin/priv/configure-networking

  7. Apply your changes. Execute:

    ifdown eth1

    ifup eth1

  8. Verify your route is present. Execute:

    ip route list

    The output should include the route you specified above. In the example, the following line is present:

    198.51.100.0/24 via 192.0.2.100 dev eth1

    See Also:

    Oracle® Linux Administrator's Guide for more information on network configuration.
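
The script below is an added example, not part of Oracle's procedure or tooling. It is a pre-flight check to run after step 5 and before steps 6 and 7, confirming that the include file has the ownership and mode that step 3 intends and that each entry has the form shown in step 4. The function names, the optional OWNER argument, and the rule that each entry's dev must match the file name suffix are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not Oracle tooling. Function names are hypothetical.

# valid_ipv4 ADDR: dotted quad, octets 0-255, no leading zeros.
valid_ipv4() (
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for o in "$@"; do
        case $o in ????*|0?*) exit 1 ;; esac
        [ "$o" -le 255 ] || exit 1
    done
)

# valid_route_line LINE DEV: accept only "<net>/<len> via <gateway> dev DEV",
# the form shown in step 4 (assumption: other ip-route syntax is flagged).
valid_route_line() (
    dev=$2
    set -f                      # no globbing while the line is word-split
    set -- $1
    [ $# -eq 5 ] && [ "$2" = via ] && [ "$4" = dev ] && [ "$5" = "$dev" ] || exit 1
    net=${1%/*} len=${1#*/}
    [ "$net/$len" = "$1" ] || exit 1
    case $len in ''|*[!0-9]*|???*) exit 1 ;; esac
    [ "$len" -le 32 ] && valid_ipv4 "$net" && valid_ipv4 "$3"
)

# check_route_file FILE [OWNER]: report problems; non-zero status if any.
# OWNER defaults to root; the parameter exists so the check can be tried
# off-appliance. The device is taken from the after-route-<dev> file name.
check_route_file() (
    f=$1 owner=${2:-root} dev=${1##*after-route-} rc=0 n=0
    [ -f "$f" ] || { echo "$f: not a regular file"; exit 1; }
    if [ -n "$(find "$f" \( ! -user "$owner" -o -perm -020 -o -perm -002 \))" ]; then
        echo "$f: must be owned by $owner and not group/other-writable"; rc=1
    fi
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in *[![:space:]]*) ;; *) continue ;; esac
        valid_route_line "$line" "$dev" || { echo "$f:$n: unexpected entry: $line"; rc=1; }
    done < "$f"
    exit "$rc"
)

# Usage on the appliance, before running configure-networking (the script
# file name is hypothetical):
#   sh check-route.sh /usr/local/dbfw/templates/include/after-route-eth1
[ $# -eq 0 ] || check_route_file "$@"
```

A non-zero exit status means the file should be corrected before the interface is taken down in step 7.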