Difference between 1:1 with a FW rule and port forwarding

  • I am really confused as to what the difference is between these two methods to allow external access to an internal address and port. If a 1:1 NAT is defined and then a firewall rule is created to allow specific traffic in, what is the difference when defining a port forward, which in turn creates a very similar-looking firewall rule for the ports that have been forwarded?

    Is there a difference or is the end result the same?



  • Packet filtering and address rewriting are two separate processes in PF. Regardless of the address rewrite method, you have to allow access with packet filter rules, and the filter rules will be identical in both 1:1 and port forward NAT cases, assuming that the goals are the same in both cases when it comes to access.
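
The separation described in the reply above, shown as an added pf.conf sketch in FreeBSD pf syntax; it is not part of either post and not configuration generated by any particular firewall. The interface name and addresses are assumptions (documentation ranges).

```pf
# Constructed example: names and addresses below are assumptions.
ext_if  = "em0"             # WAN interface (hypothetical)
web_int = "192.168.1.10"    # internal server (constructed)
web_ext = "203.0.113.10"    # public address (constructed)

# --- Address rewriting: pick ONE of the two methods ---

# Option A: 1:1 NAT. Maps the whole address, every protocol and port,
# inbound and outbound. Nothing here limits which ports are reachable.
binat on $ext_if from $web_int to any -> $web_ext

# Option B: port forward. Rewrites only inbound TCP/443 to the server;
# other ports on $web_ext are not translated at all.
# rdr on $ext_if proto tcp from any to $web_ext port 443 -> $web_int port 443

# --- Packet filtering: identical for A and B ---

# Default deny on the WAN side.
block in on $ext_if all

# Translation is applied before filtering, so the rule matches the
# internal (already rewritten) destination address.
pass in on $ext_if proto tcp from any to $web_int port 443 flags S/SA keep state
```

With Option A the pass rule is the only control over which ports on the internal host are exposed, so a broad rule there opens more than the same rule would behind a single-port forward.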