RE: [FW1] what occurs first NAT or RULEBASE

Address translation happens after a packet has entered the firewall
(of course), but before it leaves the firewall (of course).  Rule
checks occur at the boundaries, i.e. as a packet enters the firewall
(aka an "inbound" packet), and as a packet leaves the firewall
("outbound").

You can see this by setting FW1 to filter "eitherbound", creating a
static NAT (e.g. src="" dst=external-ip, port=telnet, xlatesrc=
unchanged, xlatedst=internal-ip(static), xlateport=unchanged),
creating a rule that only allows access to the external IP (e.g.
src="" dst=external-ip, port=telnet, action="" log=long),
and creating a "default deny" rule (e.g. src="" dst=any, port=any,
action="" log=long).

When an inbound telnet packet hits the firewall, the first rule
will fire off, and you will see a green "accept" line in your log.
Then the packet will be translated.  The "default deny" rule will
fire off, and you will see a red "deny" line in the log with the
translated address.

Normally, the firewall is configured to filter in one direction
only, so you don't usually worry about the order of operations.

Hopefully, I made sense.  :)

#\Matthew
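The order of operations Matthew describes (inbound rule check, then address translation, then outbound rule check) can be made concrete with a small model of the pipeline. The code below is an added example, not part of the original post and not FW-1 code; it assumes constructed addresses (203.0.113.10 as the external IP, 10.0.0.5 as the internal host, 198.51.100.7 as the client) and reduces a rule to a destination, a port and an action. It reproduces the log the post predicts in "eitherbound" mode (green accept on rule 1, red deny on the default rule with the translated address) and, as a generalization of the post's last paragraph, shows the same packet passing when filtering is inbound-only.

```python
from dataclasses import dataclass, replace
from typing import List, Optional, Tuple

# Constructed sample addresses (documentation ranges, not real hosts).
EXTERNAL_IP = "203.0.113.10"   # address the outside world connects to
INTERNAL_IP = "10.0.0.5"       # host the static NAT points at
CLIENT_IP = "198.51.100.7"     # outside client
TELNET = 23


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    dst: str             # "any" or a single IP
    dport: Optional[int]  # None means any port
    action: str          # "accept" or "drop"


# Rulebase from the post: rule 1 allows telnet to the external IP,
# rule 2 is the "default deny".
RULEBASE = [
    Rule(dst=EXTERNAL_IP, dport=TELNET, action="accept"),
    Rule(dst="any", dport=None, action="drop"),
]

# Static NAT from the post: destination external-ip -> internal-ip,
# source and port unchanged.
STATIC_NAT_DST = {EXTERNAL_IP: INTERNAL_IP}

LogEntry = Tuple[str, Optional[int], str, str]  # (direction, rule no., action, dst seen)


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    dst_ok = rule.dst == "any" or rule.dst == pkt.dst
    port_ok = rule.dport is None or rule.dport == pkt.dport
    return dst_ok and port_ok


def check_rules(rules: List[Rule], pkt: Packet, direction: str,
                log: List[LogEntry]) -> str:
    """First-match evaluation; logs the rule that fired and the dst it saw."""
    for number, rule in enumerate(rules, start=1):
        if rule_matches(rule, pkt):
            log.append((direction, number, rule.action, pkt.dst))
            return rule.action
    log.append((direction, None, "drop", pkt.dst))  # implicit drop, no rule matched
    return "drop"


def translate(pkt: Packet) -> Packet:
    """Apply the static destination NAT; packets without an entry are unchanged."""
    return replace(pkt, dst=STATIC_NAT_DST.get(pkt.dst, pkt.dst))


def process_eitherbound(rules: List[Rule], pkt: Packet) -> Tuple[str, List[LogEntry]]:
    """Model of 'eitherbound' filtering: inbound check, NAT, outbound check."""
    log: List[LogEntry] = []
    if check_rules(rules, pkt, "inbound", log) != "accept":
        return "dropped", log
    pkt = translate(pkt)                      # NAT happens between the two checks
    if check_rules(rules, pkt, "outbound", log) != "accept":
        return "dropped", log                 # denied on the translated address
    return "forwarded", log


def process_inbound_only(rules: List[Rule], pkt: Packet) -> Tuple[str, List[LogEntry]]:
    """The usual one-direction configuration: only the pre-NAT packet is checked."""
    log: List[LogEntry] = []
    if check_rules(rules, pkt, "inbound", log) != "accept":
        return "dropped", log
    translate(pkt)                            # translated, but not re-checked on the way out
    return "forwarded", log


if __name__ == "__main__":
    telnet_in = Packet(src=CLIENT_IP, dst=EXTERNAL_IP, dport=TELNET)
    for name, fn in (("eitherbound", process_eitherbound),
                     ("inbound-only", process_inbound_only)):
        verdict, entries = fn(RULEBASE, telnet_in)
        print(f"{name}: {verdict}")
        for direction, number, action, dst in entries:
            print(f"  {direction:8} rule={number} {action:6} dst={dst}")
```

Running it prints an inbound accept by rule 1 followed, in eitherbound mode, by an outbound drop by rule 2 with dst=10.0.0.5, which is exactly why the translated address shows up on the red line. The model is deliberately first-match with an implicit final drop; it ignores state tables, source translation and hide NAT, none of which the post discusses.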

----------------------------------

   All contents © 2004 Network Presence, LLC. All rights reserved.