Nat , firewall rules and geo block
sk8erbender
Posts: 74
Ally Member
Ally Member
Guys I have a question about NAT and firewall rules
Here is my NAT
Here is my firewall 
The question is -
Do you need to make IPv4 destination to openvpn server, gateway and etc? Or just leave destination all and then goes the rules which I have ?
Here is my NAT
Here is my firewall The question is -
Do you need to make IPv4 destination to openvpn server, gateway and etc? Or just leave destination all and then goes the rules which I have ?
0
Comments
-
Although, use one firewall rule for all NATed services is possible.
But from security point of view, it's better add different firewall rule for dedicated server with services.
So that like this,
source: allowed source, destination: server 1 private IP, service 1(ex. TCP 80)
source: allowed source, destination: server 2 private IP, service 2(ex. TCP443)
0 -
Can you explain more on this?zyman2008 said:Although, use one firewall rule for all NATed services is possible.
But from security point of view, it's better add different firewall rule for dedicated server with services.
So that like this,
source: allowed source, destination: server 1 private IP, service 1(ex. TCP 80)
source: allowed source, destination: server 2 private IP, service 2(ex. TCP443)
U see that I have 1 rule for GEO
Then Geo block all
and then goes rules like you said - WAN to LAN source ANY destination server private IP service (ex TCP 80 )
0 -
Oh i think i see now those rules below just does not work..
0
Master Member
Categories
- 8.5K All Categories
- 1.6K Nebula
- 71 Nebula Ideas
- 57 Nebula Status and Incidents
- 4.5K Security
- 226 Security Ideas
- 983 Switch
- 46 Switch Ideas
- 878 WirelessLAN
- 22 WLAN Ideas
- 5.1K Consumer Product
- 157 Service & License
- 280 News and Release
- 59 Security Advisories
- 13 Education Center
- 580 FAQ
- 263 Nebula FAQ
- 160 Security FAQ
- 76 Switch FAQ
- 74 WirelessLAN FAQ
- 7 Consumer Product FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 69 About Community
- 46 Security Highlight
