Typically NAT is used so that machines on a private subnet (10.*.*.*, 192.168.*.*, etc.) can share a single public IP address. To do this, when a private machine (say 192.168.1.100) makes a connection to a public server (say ), the NG Firewall server rewrites the source address to the public IP address of NG Firewall (say 1.2.3.4) on the way out. When return traffic in that session returns to 1.2.3.4, it is rewritten back to the internal address, 192.168.1.100, and forwarded back to the internal server.

By default "NAT traffic exiting this interface (and bridged peers)" is checked on WAN interfaces, which enables the NATing of all sessions exiting that WAN interface with the source address of the primary IP of that interface. In other words, all sessions leaving the External interface will use the External interface's primary IP.

There is also another option called "NAT traffic coming from this interface (and bridged peers)" on non-WAN interfaces. If checked, all traffic coming from the interface will be NATed using the primary IP address of its destination interface.

By default, since only "NAT traffic exiting this interface (and bridged peers)" is checked, NAT is only done on traffic that exits a WAN interface. This means traffic between internal networks will be un-NATed and each can reach each other using the private addresses. If this is not desired, NAT can be done as traffic comes from a non-WAN by checking "NAT traffic coming from this interface (and bridged peers)". This means NAT takes place between local interfaces and no traffic will flow between separate internal networks without explicit port forwards.

Note: checking "NAT traffic exiting this interface (and bridged peers)" adds an implicit NAT rule to NAT all traffic exiting that interface to Auto.
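A small model of the source-address selection described here, as an added example that is not NG Firewall's own code. The `Interface` and `Firewall` classes, the DMZ interface and the addresses 203.0.113.10, 192.168.1.1 and 10.0.0.1 are assumptions made for illustration, and ports are left untranslated for simplicity.

```python
from dataclasses import dataclass, field

@dataclass
class Interface:                      # hypothetical model, not an NG Firewall API
    name: str
    primary_ip: str
    nat_exiting: bool = False         # "NAT traffic exiting this interface (and bridged peers)"
    nat_coming_from: bool = False     # "NAT traffic coming from this interface (and bridged peers)"

def nat_source(src_ip, ingress, egress):
    """Source address a new session carries once it has left `egress`."""
    # Either checkbox rewrites the source to the primary IP of the interface
    # the session leaves through; otherwise the private address is kept.
    if egress.nat_exiting or ingress.nat_coming_from:
        return egress.primary_ip
    return src_ip

@dataclass
class Firewall:
    sessions: dict = field(default_factory=dict)

    def outbound(self, src_ip, sport, dst_ip, dport, ingress, egress):
        new_src = nat_source(src_ip, ingress, egress)
        # Remember the original source, keyed by how the reply will look.
        self.sessions[(dst_ip, dport, new_src, sport)] = src_ip
        return new_src

    def inbound_reply(self, src_ip, sport, dst_ip, dport):
        """Internal address a reply is rewritten to, or None if no session."""
        return self.sessions.get((src_ip, sport, dst_ip, dport))

def demo():
    # Constructed sample topology: default settings, NAT only on the WAN.
    wan = Interface("External", "1.2.3.4", nat_exiting=True)
    lan = Interface("Internal", "192.168.1.1")
    dmz = Interface("DMZ", "10.0.0.1")
    fw, out = Firewall(), {}
    out["lan_to_wan"] = fw.outbound("192.168.1.100", 40000, "203.0.113.10", 443, lan, wan)
    out["reply"] = fw.inbound_reply("203.0.113.10", 443, "1.2.3.4", 40000)
    out["unsolicited"] = fw.inbound_reply("203.0.113.10", 443, "1.2.3.4", 40001)
    out["lan_to_dmz_default"] = nat_source("192.168.1.100", lan, dmz)
    lan.nat_coming_from = True        # NAT as traffic comes from the non-WAN
    out["lan_to_dmz_ingress_nat"] = nat_source("192.168.1.100", lan, dmz)
    return out

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

With the default settings the DMZ sees the client's private address; once "NAT traffic coming from this interface" is checked on the internal interface, the DMZ sees only its own interface's primary IP.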