
    Firewall rules and NAT - Public vs Private IP used in ACL on WAN interface

    Firewalling
    2
    2
    1848
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      mrjoltcola last edited by

      I come from a background of Cisco, and I've always specified my rules using the address for the interface where the rule is. For a public ACL, I'm used to using the public address.

      I tried this with pfSense and it didn't work; I had to use the private address.

      This confuses me, but I suppose this is by design. Sorry if it is a newbie question. I'm just curious why?

      Or is there an option I'm missing?

        marcelloc last edited by

        As a stateful firewall, all rules are set where the connection begins. If it is a rule to allow access from clients, it will be on LAN. If it is the internet going to your web server, it will be on WAN.

        When using NAT, the rule is applied after translation, so the WAN rule will give access to the internal web server IP, not to the WAN's public IP.

        Except for NAT, all rules are set by source or destination IP/port.

        Elite Training: http://sys-squad.com

        Help a community developer! ;D
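
The ordering described in the reply above can be modelled in a few lines. This is an added example, not code from the thread or from pfSense: it compares translate-then-filter (the order the reply describes) with filter-then-translate (the order the question assumes). All addresses, names and the rule format are constructed for illustration.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int

# Constructed sample values (documentation address ranges), not from the thread.
WAN_IP = "203.0.113.10"       # hypothetical public address on WAN
WEB_SERVER = "192.168.1.10"   # hypothetical internal web server

# Port forward: (public dst, port) -> (internal dst, port)
PORT_FORWARDS = {(WAN_IP, 443): (WEB_SERVER, 443)}

def translate(pkt):
    """Apply destination NAT if a port forward matches; otherwise pass through."""
    target = PORT_FORWARDS.get((pkt.dst, pkt.dport))
    if target is None:
        return pkt
    return replace(pkt, dst=target[0], dport=target[1])

def rule_allows(rules, pkt):
    """Allow-list of (destination, port) pass rules; anything else is denied."""
    return (pkt.dst, pkt.dport) in rules

def wan_inbound(pkt, rules, nat_first=True):
    """Return the packet as delivered to the inside, or None if blocked."""
    if nat_first:
        # Order described in the reply: the filter sees the translated destination.
        pkt = translate(pkt)
        return pkt if rule_allows(rules, pkt) else None
    # Filter-before-translation: the filter sees the public destination.
    return translate(pkt) if rule_allows(rules, pkt) else None

def demo():
    inbound = Packet("198.51.100.7", WAN_IP, 443)   # constructed client packet
    public_rule = {(WAN_IP, 443)}       # rule written against the public IP
    private_rule = {(WEB_SERVER, 443)}  # rule written against the internal IP
    return {
        "nat_first/public_rule": wan_inbound(inbound, public_rule) is not None,
        "nat_first/private_rule": wan_inbound(inbound, private_rule) is not None,
        "filter_first/public_rule": wan_inbound(inbound, public_rule, False) is not None,
        "filter_first/private_rule": wan_inbound(inbound, private_rule, False) is not None,
    }

if __name__ == "__main__":
    for case, passed in demo().items():
        print(f"{case}: {'pass' if passed else 'block'}")
```

With translation first, only the rule written against the internal address passes traffic, which matches what the original poster observed.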
