4. NAT 1:1 and Firewall rules order: How to apply a rule BEFORE NAT 1:1 translation

NAT 1:1 and Firewall rules order: How to apply a rule BEFORE NAT 1:1 translation

  • G

    My config

    Two hosts 1&2, host 2 located on LAN has a virtual IP in the DMZ. NAT 1:1 enabled between IP:A and IP:C

    My goal: to block traffic IP:B -> IP:C, but allow IP:B -> IP:A

    I beleive that the NAT 1:1 translation is applied BEFORE the firewall rules. So in fact the rule "allow IP:B -> IP:A" has no effect AND the rule "block IP:B -> IP:C" also blocks traffic IP:B -> IP:A.

    How can we workaround this ?

    |
    |Wan
    |
    PfSense–DMZ--  VirtualIP(IP:A), Host 1 (IP:B)
    |
    |LAN
    |
    Host2 (IP:C)

    thanx
    :)

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy