Best practise for AON NAT-ing the LAN



  • Hi! I was thinking …

    If I create an outbound mapping on my WAN interface for traffic originating from my LAN to a specific subnet on WAN.... Like this:

    WAN  10.10.10.1/32 * 46.201.113.0/24 * * * NO

    There are no more outbound mapping for the WAN interface

    Then what if I have generous firewall rules that will allow any traffic on my LAN to any destination…. Would I expose my internal addresses on the WAN interface side?

    (You may ask why I not just make a NAT mapping to ANY destination instead, -It's because I don't want  to risk that the LAN traffic reaches other networks over that specific interface)

    I'd be so happy to learn...  :) :) :)

    //Plisken


Locked