Network interfaces of a router are usually assigned with IP addresses and network mask. Depending on the subnet an IP address belongs to, the router is able to route IP packets to the corresponding network interface. However, as IP address is limited, IP address may be in shortage such that there are not enough IP addresses to be assigned to each network interface.
In order to conserve IP address, drop-in mode has been used to allow a router or gateway to route IP packets without assigning an IP address to the corresponding network interfaces of the router or gateway. Using FIG. 1 as an illustration, network interfaces 171 and 172 are not assigned with IP address. Firewall 150, host 161, network node 164, host 109a and host 109b are assigned with the same IP subnet. When an IP packet is being transmitted by router 111 to host 109a or host 109b, network node 170 routes the IP packet to firewall 150 through network interface 172 as processing unit of network node 170 after examining the destination address of the IP packet determines that the IP packet belongs to the IP subnet connecting to network interface 172. This results in erroneous routing.
Similarly, when network node 164 sends an IP packet to host 109a, network node 170 either drops the IP packet or forwards the IP packet back to firewall 150 as the destination address of the IP packet belongs to the IP subnet that network interface 172 connects to. This also results in erroneous routing.
In order to avoid erroneous routing, one or more routing rules have to be created to allow IP packets sent to and received from hosts and nodes, which belong to same IP subnet of the network connecting to network interface 172, through network interface 171. In addition, it takes time and effort to setup the routing rules manually, especially when many routing rules need to be created manually.