Kerio Tech Firewall6 User Manual
Page 101
7.9 Media hairpinning
101
a packet is addressed to a client in the local network. Then it translates the destination IP
address and sends the packet back to the local network (as well as in case of port mapping).
This ensures that traffic between the two phones will work correctly.
Note:
1.
Hairpinning requires traffic between the local network and the Internet being allowed (be-
fore processed by the firewall, packets use a local source address and an Internet destina-
tion address — i.e. this is an outgoing traffic from the local network to the Internet). In
default traffic rules created by the wizard (see chapter
), this condition is met by the
NAT rule.
2.
In principle, hairpinning does not require that Full cone NAT is allowed (see chapter
However, in our example, Full cone NAT is required for correct functioning of the SIP
protocol.