4. Firewall rules and NAT - Public vs Private IP used in ACL on WAN interface

Firewall rules and NAT - Public vs Private IP used in ACL on WAN interface

  • M

    I come from a background of Cisco, and I've always specified my rules using the address for the interface where the rule is. For a public ACL, I'm used to using the public address.

    I tried this with pfsense and it didn't work, I had to use the private address.

    This confuses me, but I suppose this is by design. Sorry if it is newbie question. I'm just curious why?

    Or is there an option I'm missing?

    0

  • As a statefull firewall, all rules are set where the connection begins, if is a rule To allow access from clientes, it will be in lan. If is internet going To your web server, it will be at wan.

    When using nat the rule is applied after translation, so wan rule will give access to internal web server ip, no To wans public ip.

    Except for nat, all rules are set by source or destination ip/port.

    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy