Best practise for AON NAT-ing the LAN
-
Hi! I was thinking …
If I create an outbound mapping on my WAN interface for traffic originating from my LAN to a specific subnet on WAN.... Like this:
WAN 10.10.10.1/32 * 46.201.113.0/24 * * * NO
There are no more outbound mapping for the WAN interface
Then what if I have generous firewall rules that will allow any traffic on my LAN to any destination…. Would I expose my internal addresses on the WAN interface side?
(You may ask why I not just make a NAT mapping to ANY destination instead, -It's because I don't want to risk that the LAN traffic reaches other networks over that specific interface)
I'd be so happy to learn... :) :) :)
//Plisken
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.