Guys
Should be an easy one, trying to lock down my router with NAT and couldn't find the answer with Google.
What's the packet path order between Firewall Packet Filtering and Virtual Port Mapping? Which is processed first, please?
Many thanks
marcusmac
Sequence: Port mapping vs Firewall filtering?
-
- Posts: 6
- Joined: Fri Mar 15, 2013 3:19 pm
-
- Posts: 111
- Joined: Mon Jun 25, 2012 10:06 am
Re: Sequence: Port mapping vs Firewall filtering?
Hi
Set up a Virtual Server entry and forward to the desired internal PC. All packets are then sent to the Firewall. The inbound Firewall rule is accept anything, so once the server virtual entry is set up, all packets from all sources get forwarded.
If you want to add a rule in the Firewall, for example only to let access from one IP address, you need to add a Firewall rule with your source IP address you would like to have access and the Internal port the Virtual Server entry is directing to with direction as Incoming and Action as forward. You then need to add a second rule after the forward one, with the internal IP address of the virtual server, the same internal ports, direction as incoming and action as drop. If you don't add the drop rule, the checking falls down the Firewall rule list and eventually hits an accept all for inbound (it is there but not visible). As processing stops at the first match, the drop rule works.
So port forwarding -> Firewall* -> Internal PC.
*Firewall accepts all incoming packets by default from a port forward, so add your forward rule, then a drop rule.
Hope that helps.
Regards
Phil
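The ordering described in the reply above (port forwarding, then a first-match firewall list ending in a hidden accept-all for inbound), as an added example that is not part of the original post and is not the router's own logic. It is a simplified model; the rule fields, function names, addresses and ports are all constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:              # hypothetical rule shape, not the router's real schema
    action: str          # "forward" or "drop"
    src: str             # source network (CIDR)
    dst: str             # destination network after port mapping (internal side)
    port: int            # internal port the Virtual Server entry directs to

# Constructed sample values (documentation and private address ranges)
PORT_MAP = {443: ("192.168.1.10", 8443)}   # WAN port -> (internal IP, internal port)
ALLOW = Rule("forward", "203.0.113.5/32", "0.0.0.0/0", 8443)
DROP = Rule("drop", "0.0.0.0/0", "192.168.1.10/32", 8443)

def inbound(src_ip, wan_port, rules):
    """Return (verdict, internal_ip, internal_port) for one inbound packet."""
    # Step 1: port mapping runs first. Assumption: with no Virtual Server
    # entry for the WAN port there is nothing to forward.
    if wan_port not in PORT_MAP:
        return ("no-mapping", None, None)
    dst_ip, dst_port = PORT_MAP[wan_port]
    # Step 2: the firewall sees the translated destination; first match wins.
    for r in rules:
        if (ipaddress.ip_address(src_ip) in ipaddress.ip_network(r.src)
                and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(r.dst)
                and dst_port == r.port):
            return (r.action, dst_ip, dst_port)
    # Step 3: the hidden default inbound rule accepts anything left over.
    return ("forward", dst_ip, dst_port)

def exposure(rules, sources=("203.0.113.5", "198.51.100.77")):
    """Map each test source address to its verdict on WAN port 443."""
    return {s: inbound(s, 443, rules)[0] for s in sources}

if __name__ == "__main__":
    cases = [("no rules", []), ("allow only", [ALLOW]),
             ("allow then drop", [ALLOW, DROP]),
             ("drop then allow", [DROP, ALLOW])]
    for name, rules in cases:
        print(f"{name:16} {exposure(rules)}")
```

The "allow only" case shows why the forward rule by itself restricts nothing, and "drop then allow" shows that rule order matters because evaluation stops at the first match.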
-
- Posts: 6
- Joined: Fri Mar 15, 2013 3:19 pm
Re: Sequence: Port mapping vs Firewall filtering?
Thank you!!
Best,
marcusmac