Port Forward NAT vs Firewall Rules
-
Dear all,
I am a bit confused about Port Forward NAT vs the Firewall Rules. When you create a new NAT, an associated Firewall Rule is created. I do not quite understand the logic. Please can someone enlighten me. Thanks.
Regards,
-
When you create a NAT rule, you tell pfSense what to do when translating packages, but before it, you must allow these packages to flow by adding firewall rules.
-
When you create a NAT rule, you tell pfSense what to do when translating packages, but before it, you must allow these packages to flow by adding firewall rules.
What I do not understand is you can set in the NAT to a link rule or pass? What is the difference here, I mean why link rule instead of pass? What are the pros and cons? Thanks.
Regards,
-
With pass, the traffic will pass that matches the NAT rule exactly. Some people prefer to have more fine-grained control over who/what is allowed to reach systems to which ports are forwarded.
If it's a web server that the world can access, then pass may be OK. If it's a private system locked down to only a few remote IPs, then someone might want to add the nat and firewall rules separately and come up with a more complex set of rules to control access.
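The two cases described in this answer, as an added example that is not part of the original thread and not output copied from pfSense: it is written by hand in the FreeBSD pf syntax that pfSense is built on. The interface name, addresses, ports and table name are constructed assumptions.

```conf
# Constructed example in pf.conf syntax; every name and address is an assumption.
ext_if = "em0"
web    = "192.168.1.10"      # public web server
rdp    = "192.168.1.20"      # private system, reachable by a few remote IPs only
table <remote_admins> { 198.51.100.7, 203.0.113.0/28 }

# Case 1, "pass": the redirect itself admits the traffic. Anything that
# matches the rdr line is forwarded and the filter rules are not consulted,
# so access is exactly as wide as the NAT match (here: any source).
rdr pass on $ext_if inet proto tcp from any to ($ext_if) port 443 -> $web port 443

# Case 2, separate NAT and firewall rules: the redirect only translates.
rdr on $ext_if inet proto tcp from any to ($ext_if) port 3389 -> $rdp port 3389

# The filter rules then decide who gets through. Inbound translation runs
# before filtering, so the rule matches the internal address, not the WAN one.
block in log on $ext_if all
pass in quick on $ext_if inet proto tcp from <remote_admins> to $rdp port 3389 flags S/SA keep state
```

With the second form, removing an address from the table or tightening the pass rule changes who can reach the forwarded port without touching the NAT rule.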
-
With pass, the traffic will pass that matches the NAT rule exactly. Some people prefer to have more fine-grained control over who/what is allowed to reach systems to which ports are forwarded.
If it's a web server that the world can access, then pass may be OK. If it's a private system locked down to only a few remote IPs, then someone might want to add the nat and firewall rules separately and come up with a more complex set of rules to control access.
Thanks. That really clears up my understanding of how the two features work.