NAT-Firewall rule bug?



  • I created a NAT from WAN to an IP in my LAN, forwarding one port. First, I set up only UDP proto. After a while, I realized that I need TCP too, so I modified the NAT from UDP to TCP/UDP. I was surprised to see that this was not working, until I checked the firewall rules and saw that the rule was accepting only UDP connections. Shouldn't the firewall rule have changed automagically after I changed the NAT? Of course, I pressed the "Apply The Changes" button.



  • No. Firewall rules and NAT rules are not linked together. You have to maintain them separately if needed.



  • OK, thanks, but couldn't this action (modifying the firewall rules according to the NAT) be introduced in a future release? I believe some others ran into this thing.


  • LAYER 8 Moderator

    That would mean there has to be some link between the NAT rule and the corresponding filtering rule, which at the moment isn't there yet (besides the auto-commenting of the fw rule). But personally I'm not sure I'd want that, as now I'm able to e.g. disable it or modify the filtering rule if I want to temporarily disable this mapping. But as always, either way has its pros and cons :)

    Greets
    Grey



  • I don't like the idea of linking them together. How would you handle edited firewall rules, like only allowing access to this port forward from special IPs? I think it's good the way it is now. You just have to know how it works.



  • You are right, I understand what you are trying to say and I believe now that this is the right way. Thanks again and I hope I'll be more useful next time :D. Keep up the good work!!!



  • This functionality already exists, somewhat. Use an alias in both the NAT and firewall rule. Then when you modify the alias, it will alter the rule and the NAT. :)



  • That's right, but it wouldn't help in this example as he changed protocols ;)

