SnapGear 2.0.1 User Manual


Firewall


The Incoming Interface is the interface/network port that the CyberGuard SG appliance
received the network traffic on.

The Outgoing Interface is the interface/network port that the CyberGuard SG appliance
will route the network traffic out of. Selecting None matches network traffic that is
destined for the CyberGuard SG appliance itself. This is useful for controlling access to
services provided by the CyberGuard SG appliance, such as the Web Management Console.

The Log option controls whether to log the first packet of the connection. You may enter
a Log Prefix to make it easier to identify which rules are being matched when inspecting
the system log.

NAT

Once appropriate addresses (and perhaps service groups) have been defined, you may
add 1-to-1 and Destination NAT rules. Source NAT rules may be added at any time, as
these may apply solely between the interfaces of the CyberGuard SG appliance itself.

By default, the CyberGuard SG appliance performs Source NAT on traffic where the
incoming interface is LAN and the outgoing interface is WAN. See the Advanced section
of the chapter entitled Network Connections for information on configuring the basic
masquerading (Source NAT) relationships between your CyberGuard SG appliance’s
interfaces.

Destination NAT/port forwarding

Destination NAT alters the destination address and optionally the destination port of
packets received by the CyberGuard SG appliance. Typically this is used for port
forwarding.

Port forwarding allows controlled access to services provided by machines on your
private network to users on the Internet by forwarding requests for a specific service
coming into one of the CyberGuard SG appliance’s interfaces (typically the WAN
interface) to a machine on your LAN, which services the request.

Enable: Uncheck to temporarily disable this rule.

Descriptive Name: An arbitrary name for this rule.

This rule will be applied to packets that match the criteria described by the next four fields.

Incoming Interface: The interface that receives the request (for port forwarding, this
is typically set to WAN/Internet).
