3Com Switch 8800 Family Firewall Module Configuration and Command Reference Guide
Transparent Firewall Overview 123
Learning mapping between station B MAC address and the interface
When station B returns the response to the Ethernet frame, the transparent
firewall also can detect the response and know that station B is connected to it
through interface 1 (since it receives the frame from interface 1). Therefore the
transparent firewall add the mapping between station B MAC address and
interface 1. See
Figure 25.
Figure 25 Learn mapping between station B MAC address and the interface
The reverse MAC address learning continues till the transparent firewall obtains
the mapping entries between all MAC addresses (those of stations A, B, C and D
in this example) and the interfaces (here we assume that all stations are in
operation).
Forwarding and Filtering On the data link layer, the transparent firewall determines forwarding (or filtering)
actions based on the following three cases:
Forwarding after successful lookup on address table
When station A sends an Ethernet frame to station C, the transparent firewall
looks up on the address table and knows that station C corresponds to interface 2.
It therefore forwards the frame from interface 2. See
Figure 26.
Works tation A
00e0.fcaa.aaaa
Works tation B
00e0.fcbb.bb
b
Works tation C
Works tation D
00e0.fcdd.dddd
00e0.fccc.cccc
Interface 1
Interface 2
Ethernet segment 1
Ethernet segment 2
Destination
00e0.fcaa.aaaa 00e0.fcbb.bbbb
Source
MAC address Port
00e0.fcaa.aaaa
1
00e0.fcbb.bbbb
1
Address table
Switch 8800