This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

NAT vs Packet filter

Are NAT/DNAT rules independent of Packet filter rules?

For intsance, if I have a NAT/DNAT rule that says:
source=any --> destination=externalAddress / Service=chat
no source change --> change destination=chatServer --> no service change

Do I also need a Packet Filter rule that says:
Source=any --> Service=chat --> Destination=chatServer ALLOW ?

Please advise.

Thanks,
Claudie

This thread was automatically locked due to age.

Parents

0 OfficeDefender over 21 years ago

Look at it this way: your NAT rules are the traffic cop and the filter rules are the gatekeeper. NAT/DNAT rules are necessary when you want something from inside your network to be available to the outside (such as a web server, or a PCAnywhere connection to an internal machine) -- hence, the "traffic cop" analogy. The NAT rules are sitting there, just like a traffic cop, ready to direct traffic where it should go inside your network. It's important to understand that just because the traffic cop directs certain packets inside your network, that doesn't mean they necessarily have *permission* to go anywhere -- that's where the filter rules come in. So, if you allow something in through a NAT rule, you've got to give it permission in the filter rules. Hope this helps.

-Steve
Cancel
Vote Up 0 Vote Down

Cancel
0 claud1e over 21 years ago in reply to OfficeDefender

That is a very helpful analogy Steve, thanks for the help!

Regards,
Claud1e
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 claud1e over 21 years ago in reply to OfficeDefender

That is a very helpful analogy Steve, thanks for the help!

Regards,
Claud1e
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data