IPv4 Firewall: Outbound Rules use case?

Started by jimpd, April 04, 2020, 10:01:47 PM

Hi all

Can someone please explain when outbound rules on for example the LAN interface are required? If I want to expose a port to the internet I create a new NAT -> Port Forward rule but I don't need any other special outbound rule on the LAN interface.

So what is its use case with IPv4?

If you want to control the outbound NAT behavior.
Some network designs need special outbound processing and in such cases the default generated rules do not fit the needs.

For example, if you have multiple LAN interfaces and multiple virtual IPs and you want to control that each LAN interface is using a different WAN IP. Just one use case where they are handy.

Twitter: banym
Mastodon: banym@bsd.network
Blog: https://www.banym.de

Thank you for your reply.
If I have multiple virtual IPs on a single LAN interface, I can simply specify the IP on which the port should listen as the destination address in the NAT rule.
Probably you are right and I can **also** do it with outbound rules on the LAN interface, but in my opinion punching a hole into the firewall and **afterwards** closing it again with an outbound rule is not the best way to do it.

Can you think of any other use cases?

Sorry that was not so clear, I meant:

If you have multiple virtual IPs on WAN and multiple LAN interfaces.

For example you have: GUESTLAN, WIFILAN and LAN. Each has its own interface or VLAN and its own subnet.

Now you have 3 WAN addresses and you want each local network to appear with its own public IP. Then outbound NAT rules can handle it.

Twitter: banym
Mastodon: banym@bsd.network
Blog: https://www.banym.de
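
The per-network mapping described in the last reply, written as outbound NAT rules. This is an added example, not part of the thread; it assumes a pf-based firewall using FreeBSD pf syntax, and the interface name, subnets and 203.0.113.x documentation addresses are constructed placeholders.

```pf
# Constructed placeholders: WAN interface name and the three internal subnets.
wan_if    = "igb0"
lan_net   = "192.168.1.0/24"
wifi_net  = "192.168.20.0/24"
guest_net = "192.168.30.0/24"

# Constructed placeholders: the three public addresses on WAN.
lan_pub   = "203.0.113.10"   # primary WAN address
wifi_pub  = "203.0.113.11"   # virtual IP on WAN
guest_pub = "203.0.113.12"   # virtual IP on WAN

# Outbound NAT: pick the translated source address by originating network.
# For translation rules in FreeBSD pf, the first matching rule wins.
nat on $wan_if inet from $lan_net   to any -> $lan_pub
nat on $wan_if inet from $wifi_net  to any -> $wifi_pub
nat on $wan_if inet from $guest_net to any -> $guest_pub
```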