 From:  "James W. McKeand" <james at mckeand dot biz>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Another quick question... What is the difference... ?
 Date:  Tue, 3 Jan 2006 14:20:08 -0600
Chuck Mariotti wrote:
> I am trying to get my head around this...
> What is the difference between making entries on the NAT Inbound page
> and the Firewall Rules Page?
> I just tried to open port 80, but it didn't work. Then I realized, I
> opened it using the Firewall Rules Page... So I went to the NAT page,
> made the "same" (in my mind at least) entry and it started working...
> Deleted the port on the Rules page and it is still working... I'm
> confused.
> Can someone clarify the differences?

NAT rules translate traffic from external IP/port to internal IP/port.

Firewall rules allow traffic through from the outside world (Internet)
to the Internal IP.

NAT rules are processed first. The combination of a NAT rule and a
Firewall rule allow traffic addressed to an external IP address to be
forwarded to an Internal IP on a specific port (port 80 in your case).
If you create an Inbound NAT rule first and check the "Auto Create
Firewall rule" things go smoothly.

The reason for separate rules is to allow flexibility. If you only
wanted to, you could limit your users to access http on a single,
specific IP. (This would be done by editing the default LAN -> any rule
to read LAN -> <IP>:80 i.e. only allow LAN to go to port 80 on <IP>...)

In short: NAT = Translation - Firewall = Access (I like Lee's analogy as

James W. McKeand
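The processing order James describes (inbound NAT translates the destination first, then the firewall rules decide whether the translated packet may pass), as an added Python model that is not from the mailing list or from m0n0wall itself. The addresses, the default-deny fallback and the assumption that the filter matches on the post-translation destination (which is why the auto-created rule names the internal host) are all part of the model.

```python
from dataclasses import dataclass, replace

# Constructed addresses for the model (not from the mailing-list post).
WAN_IP = "203.0.113.10"   # firewall's external address
WEB_IP = "192.168.1.20"   # internal web server
ANY = "*"

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int

# Inbound NAT entry: (external ip, external port) -> (internal ip, internal port)
NAT = {(WAN_IP, 80): (WEB_IP, 80)}

def apply_nat(pkt, nat=NAT):
    """Step 1: translate the destination if an inbound NAT entry matches."""
    target = nat.get((pkt.dst, pkt.dport))
    if target is None:
        return pkt
    return replace(pkt, dst=target[0], dport=target[1])

def firewall_allows(pkt, rules):
    """Step 2: first matching WAN rule wins; no match means the default deny."""
    for dst, dport, action in rules:
        if dst in (ANY, pkt.dst) and dport in (ANY, pkt.dport):
            return action == "pass"
    return False

def process_inbound(pkt, nat, rules):
    """Where the packet ends up: 'forwarded' to a LAN host, 'blocked', or 'local'."""
    translated = apply_nat(pkt, nat)           # NAT is processed first
    if not firewall_allows(translated, rules):  # then the filter sees the result
        return "blocked"
    # Untranslated traffic to the WAN address reaches the firewall itself, never the LAN host.
    return "forwarded" if translated.dst != pkt.dst else "local"

def scenarios():
    """The combinations from the thread, evaluated for one inbound port-80 packet."""
    pkt = Packet(src="198.51.100.7", dst=WAN_IP, dport=80)   # constructed client
    auto_rule = (WEB_IP, 80, "pass")     # what "Auto Create Firewall rule" adds
    manual_rule = (WAN_IP, 80, "pass")   # a rule written against the external address
    return {
        "firewall_rule_only": process_inbound(pkt, {}, [manual_rule]),
        "nat_rule_only": process_inbound(pkt, NAT, []),
        "nat_plus_auto_rule": process_inbound(pkt, NAT, [auto_rule]),
        "nat_plus_manual_rule": process_inbound(pkt, NAT, [manual_rule]),
    }
```

Only the NAT entry together with a pass rule for the internal host forwards the packet; a firewall rule alone never translates anything, and a NAT entry alone falls to the default deny.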