NAT Rule "Filter rule association" none vs. pass

rpsmith

When setting up a simple NAT rule to NAT port 80 to my web server (LAN interface), what is the difference between "none" and "pass" under "Filter rule association"?  I don't want the NAT rule linked to the WAN ruled and I don't understand the difference between none and pass.

Roy…

Efonnes

"Pass" will make the traffic automatically pass before firewall rules are even evaluated.  "None" means that it does not do this and that it won't create a rule automatically either.

rpsmith

so with a "pass" no WAN rule is required at all?  very interesting.  thanks for clarifying that.  BTW, If that is not documented anywhere (I searched for at least 45 min before posting), it would be good to add that info as a hint or to the help screen.

Thanks again.

Roy…

mxx

From my experience the wan rule is created automatically for you.
Isn't this the case anymore when you select pass?

jimp

@mxx:

From my experience the wan rule is created automatically for you.
Isn't this the case anymore when you select pass?

Correct. With "pass" no WAN rule is needed, the rdr pass will do both - allow the traffic and do the redirect.

Note that it's mainly useful with ports that are left fully exposed to the public like web servers. If you want to have more flexible control over what traffic is allowed to hit that port, then rdr pass is probably not the best choice.