Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
Outbound NAT security implications
« previous
next »
Print
Pages: [
1
]
Author
Topic: Outbound NAT security implications (Read 828 times)
firemywall
Newbie
Posts: 1
Karma: 0
Outbound NAT security implications
«
on:
July 09, 2023, 11:08:11 pm »
My kids have a few Nintendo switches. To play online I need to implement uPNP or outbound NAT rules for connectivity.
I previously had the Nintendo's on their own vlan with uPNP which worked fine but I hated the hole in my firewall.
I found today if I enable hybrid outbound NAT rules and create an outbound rule for the Nintendo's with "static port" checked I get the same quality of connectivity for online gameplay (NAT B) as uPNP.
My question:
I'm assuming outbound NAT with static ports is much safer than uPNP. What are the security implications for these outbound NAT rules? Are there any? Would I be safe to have these rules not on a locked down VLAN? I've done some searching and I believe this would not open up any security holes like uPNP would but looking for advice.
Thanks
Logged
bartjsmit
Hero Member
Posts: 2017
Karma: 194
Re: Outbound NAT security implications
«
Reply #1 on:
July 10, 2023, 10:25:33 am »
The threat model for an outbound policy that is too relaxed is a rogue device that phones home and creates a tunnel for unauthorised access.
No external source can exploit it directly. If you are reasonably sure about internal devices, uPNP is an acceptable risk
Bart...
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
Outbound NAT security implications