next »

[NKRA]

Dear all,

I am a bit confused with the Port Forward NAT vs the Firewall Rules.  When you create a new NAT an associated Firewall Rule is created.  I do not quite understand the logic.  Please can someone enlighten me.  Thanks.

Regards,

[marcelloc]

When you create a nat rule, you Tell pfsense what to do when translating packages, but before it, you must allow this packages to flow by adding firewall rules.

[NKRA]

When you create a nat rule, you Tell pfsense what to do when translating packages, but before it, you must allow this packages to flow by adding firewall rules.

What I do not understand is you can set in the NAT to a link rule  or pass?  What is the difference here, I mean why link rule instead of pass?  What are the pros and cons?  Thanks.

Regards, 

[jimp]

With pass, the traffic will pass that matches the NAT rule exactly. Some people prefer to have more fine-grained control over who/what is allowed to reach systems to which ports are forwarded.

If it's a web server that the world can access, then pass may be OK. If it's a private system locked down to only a few remote IPs, then someone might want to add the nat and firewall rules separately and come up with a more complex set of rules to control access.

[NKRA]

With pass, the traffic will pass that matches the NAT rule exactly. Some people prefer to have more fine-grained control over who/what is allowed to reach systems to which ports are forwarded.

If it's a web server that the world can access, then pass may be OK. If it's a private system locked down to only a few remote IPs, then someone might want to add the nat and firewall rules separately and come up with a more complex set of rules to control access.

Thanks.  That really clear up my understanding on how the two features works.