Author Topic: Port Forward NAT vs Firewall Rules  (Read 1740 times)

NKRA
Port Forward NAT vs Firewall Rules
« on: October 14, 2011, 04:44:39 am »
Dear all,

I am a bit confused with the Port Forward NAT vs the Firewall Rules.  When you create a new NAT an associated Firewall Rule is created.  I do not quite understand the logic.  Please can someone enlighten me.  Thanks.

Regards,

marcelloc
Re: Port Forward NAT vs Firewall Rules
« Reply #1 on: October 14, 2011, 07:19:04 am »
When you create a NAT rule, you tell pfSense what to do when translating packages, but before it, you must allow these packages to flow by adding firewall rules.

NKRA
Re: Port Forward NAT vs Firewall Rules
« Reply #2 on: October 14, 2011, 07:28:57 am »
> When you create a NAT rule, you tell pfSense what to do when translating packages, but before it, you must allow these packages to flow by adding firewall rules.

What I do not understand is that in the NAT you can set a link rule or pass?  What is the difference here, I mean why link rule instead of pass?  What are the pros and cons?  Thanks.

Regards, 

jimp
  • Administrator
Re: Port Forward NAT vs Firewall Rules
« Reply #3 on: October 14, 2011, 07:48:09 am »
With pass, the traffic will pass that matches the NAT rule exactly. Some people prefer to have more fine-grained control over who/what is allowed to reach systems to which ports are forwarded.

If it's a web server that the world can access, then pass may be OK. If it's a private system locked down to only a few remote IPs, then someone might want to add the NAT and firewall rules separately and come up with a more complex set of rules to control access.

NKRA
Re: Port Forward NAT vs Firewall Rules
« Reply #4 on: October 14, 2011, 08:07:00 am »
> With pass, the traffic will pass that matches the NAT rule exactly. Some people prefer to have more fine-grained control over who/what is allowed to reach systems to which ports are forwarded.
>
> If it's a web server that the world can access, then pass may be OK. If it's a private system locked down to only a few remote IPs, then someone might want to add the NAT and firewall rules separately and come up with a more complex set of rules to control access.

Thanks.  That really clears up my understanding of how the two features work.
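
The Pass versus linked-rule choice discussed in this thread can be reviewed across a whole configuration. The script below is an added example, not part of the thread or of pfSense itself: it assumes port forwards are stored under `<nat><rule>` in a config.xml backup, with `associated-rule-id` set to `pass` for the Pass option and to a rule id for a linked rule. The sample XML, the addresses and the `PUBLIC_PORTS` set are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample of the <nat> section of a pfSense config.xml backup.
SAMPLE = """<pfsense><nat>
<rule><descr>public web</descr><source><any/></source>
  <target>192.0.2.10</target><local-port>443</local-port>
  <associated-rule-id>pass</associated-rule-id></rule>
<rule><descr>admin ssh</descr><source><any/></source>
  <target>192.0.2.20</target><local-port>22</local-port>
  <associated-rule-id>pass</associated-rule-id></rule>
<rule><descr>vendor rdp</descr><source><address>198.51.100.7</address></source>
  <target>192.0.2.30</target><local-port>3389</local-port>
  <associated-rule-id>nat_example0001</associated-rule-id></rule>
<rule><descr>mail</descr><source><any/></source>
  <target>192.0.2.40</target><local-port>25</local-port></rule>
</nat></pfsense>"""

PUBLIC_PORTS = {"80", "443"}  # assumption: services meant to be world-reachable


def classify(rule):
    """Return (mode, finding) for one <nat><rule> element."""
    assoc = (rule.findtext("associated-rule-id") or "").strip()
    src_any = rule.find("source/any") is not None
    port = (rule.findtext("local-port") or "").strip()
    if assoc == "pass":
        # "Pass": whatever matches the NAT rule is let through as-is.
        if src_any and port not in PUBLIC_PORTS:
            return "pass", "REVIEW: open to any source, no firewall rule restricts it"
        return "pass", "ok"
    if assoc:
        return "linked", "ok: access is governed by firewall rule " + assoc
    return "none", "CHECK: needs a separately maintained firewall rule"


def audit(xml_text):
    """List (descr, target:port, mode, finding) for every port forward."""
    rows = []
    for rule in ET.fromstring(xml_text).findall("./nat/rule"):
        mode, finding = classify(rule)
        dest = f"{rule.findtext('target')}:{rule.findtext('local-port')}"
        rows.append((rule.findtext("descr"), dest, mode, finding))
    return rows


if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(" | ".join(row))
```

On the constructed sample, the world-facing web forward with Pass is accepted, while the SSH forward that uses Pass with source "any" is flagged for conversion to a linked or separate firewall rule with a restricted source.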