Port Forward NAT vs Firewall Rules



  • Dear all,

    I am a bit confused with the Port Forward NAT vs the Firewall Rules.  When you create a new NAT an associated Firewall Rule is created.  I do not quite understand the logic.  Please can someone enlighten me.  Thanks.

    Regards,



  • When you create a NAT rule, you tell pfSense what to do when translating packages, but before it, you must allow these packages to flow by adding firewall rules.



  • @marcelloc:

    When you create a NAT rule, you tell pfSense what to do when translating packages, but before it, you must allow these packages to flow by adding firewall rules.

    What I do not understand is you can set in the NAT to a link rule  or pass?  What is the difference here, I mean why link rule instead of pass?  What are the pros and cons?  Thanks.

    Regards,


  • Rebel Alliance Developer Netgate

    With pass, the traffic will pass that matches the NAT rule exactly. Some people prefer to have more fine-grained control over who/what is allowed to reach systems to which ports are forwarded.

    If it's a web server that the world can access, then pass may be OK. If it's a private system locked down to only a few remote IPs, then someone might want to add the NAT and firewall rules separately and come up with a more complex set of rules to control access.
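
The two approaches described in the post above, written out in FreeBSD pf syntax (pf is the packet filter pfSense is built on). This is an added example, not part of the original post and not the ruleset pfSense itself generates; the interface name, addresses and ports are constructed.

```pf
# Constructed example: interface, addresses and ports are assumptions.
ext_if = "em0"
web    = "192.168.1.10"   # server meant to be reachable by anyone
admin  = "192.168.1.20"   # private system, limited to a few remote IPs

# Remote sources allowed to reach the private system (documentation ranges).
table <trusted> const { 198.51.100.7, 203.0.113.0/28 }

# --- Translation rules ---

# "Pass" style: anything that matches the redirect is translated and
# passed without the filter rules being consulted. Access control is
# exactly as wide as the NAT rule's own match.
rdr pass on $ext_if inet proto tcp from any to ($ext_if) port 443 -> $web port 443

# Separate-rule style: this only translates. The packet must still be
# allowed by a filter rule below.
rdr on $ext_if inet proto tcp from any to ($ext_if) port 2222 -> $admin port 22

# --- Filter rules ---

# Default deny on the external interface, logged for review.
block in log on $ext_if all

# Filter rules are evaluated after translation, so the destination is
# the internal address and port. Only <trusted> sources get through;
# everyone else hitting port 2222 is translated and then blocked.
pass in quick on $ext_if inet proto tcp from <trusted> to $admin port 22 flags S/SA keep state
```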



  • @jimp:

    With pass, the traffic will pass that matches the NAT rule exactly. Some people prefer to have more fine-grained control over who/what is allowed to reach systems to which ports are forwarded.

    If it's a web server that the world can access, then pass may be OK. If it's a private system locked down to only a few remote IPs, then someone might want to add the NAT and firewall rules separately and come up with a more complex set of rules to control access.

    Thanks.  That really clears up my understanding of how the two features work.

