Kerio Tech Firewall6 User Manual
Page 83

7.3 Definition of Custom Traffic Rules
Figure 7.16: Traffic rule — NAT — NAT with specific interface (its IP address)
any other address is used (including even local private addresses). NAT will not
work correctly and packets sent to the Internet will be dropped.
• For obvious reasons, a specific IP address cannot be used for NAT in the Internet
connection failover and network traffic load balancing modes.
Figure 7.17: Traffic rule — NAT — NAT with specific IP address
Full cone NAT
For all NAT methods, it is possible to allow incoming packets coming from any address.
This mode is called Full cone NAT.
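An added illustration, not taken from the manual or from WinRoute: a toy NAT table that shows which incoming packets are forwarded with Full cone NAT on and off (the off case is the Port restricted cone NAT described in the next paragraph). `ToyNat`, `demo` and all addresses are constructed; the restricted mode is modelled as admitting only a remote IP address and port that the local host has already sent a packet to.

```python
from dataclasses import dataclass, field

PUBLIC_IP = "203.0.113.10"  # constructed public address of the firewall

@dataclass
class ToyNat:
    """Toy NAT table (hypothetical model, not WinRoute code)."""
    full_cone: bool
    mappings: dict = field(default_factory=dict)  # public port -> local (ip, port)
    peers: dict = field(default_factory=dict)     # public port -> remote (ip, port) set

    def outbound(self, src, dst):
        """Translate an outgoing packet; return the public (ip, port) it leaves from."""
        for port, local in self.mappings.items():
            if local == src:          # this local endpoint is already mapped
                break
        else:
            port = src[1]             # keep the original source port if possible
            while port in self.mappings:   # otherwise assign another free port
                port = port + 1 if port < 65535 else 1024
            self.mappings[port] = src
        self.peers.setdefault(port, set()).add(dst)
        return (PUBLIC_IP, port)

    def inbound(self, src, public_port):
        """Return the local endpoint a packet is forwarded to, or None if dropped."""
        local = self.mappings.get(public_port)
        if local is None:
            return None               # no mapping on this port: always dropped
        if self.full_cone or src in self.peers[public_port]:
            return local
        return None                   # port restricted: unknown remote ip/port

def demo(full_cone):
    """Constructed scenario: one client contacts one server, then three packets arrive."""
    nat = ToyNat(full_cone)
    client, server = ("192.168.1.20", 5060), ("198.51.100.7", 5060)
    _, port = nat.outbound(client, server)
    return {
        "contacted server": nat.inbound(server, port),
        "same server, other port": nat.inbound((server[0], 9999), port),
        "unrelated host": nat.inbound(("192.0.2.99", 40000), port),
    }

if __name__ == "__main__":
    for mode in (False, True):
        print("full cone" if mode else "port restricted", demo(mode))
```

With the option on, all three incoming packets reach the local host through the mapped port; with it off, only the packet from the contacted server's IP address and port does.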
If this option is off, WinRoute performs so-called Port restricted cone NAT. In outgoing packets
transferred from the local network to the Internet, WinRoute replaces the source IP address of
the particular interface with the public address of the firewall (see above). If possible, the original
source port is kept; otherwise, another free source port is assigned. As to incoming traffic,
only packets sent from the same IP address and port from which the outgoing packet was sent