NAT, firewall rules and geo block

sk8erbender Posts: 74  Ally Member
edited April 2021 in Security
Guys, I have a question about NAT and firewall rules.
Here is my NAT

Here is my firewall

The question is:

Do you need to make the IPv4 destination the OpenVPN server, gateway, etc.? Or just leave the destination as all, and then come the rules which I have?

Comments

  • zyman2008
    zyman2008 Posts: 197  Master Member
    edited February 2018
    Although using one firewall rule for all NATed services is possible,
    from a security point of view it's better to add a different firewall rule for each dedicated server with services.

    Like this:
    source: allowed source, destination: server 1 private IP, service 1 (e.g. TCP 80)
    source: allowed source, destination: server 2 private IP, service 2 (e.g. TCP 443)

  • sk8erbender
    sk8erbender Posts: 74  Ally Member
    zyman2008 said:
    Although using one firewall rule for all NATed services is possible,
    from a security point of view it's better to add a different firewall rule for each dedicated server with services.

    Like this:
    source: allowed source, destination: server 1 private IP, service 1 (e.g. TCP 80)
    source: allowed source, destination: server 2 private IP, service 2 (e.g. TCP 443)

    Can you explain more on this?
    You see that I have 1 rule for GEO,
    then Geo block all,

    and then come rules like you said - WAN to LAN, source ANY, destination server private IP, service (e.g. TCP 80)
  • sk8erbender
    sk8erbender Posts: 74  Ally Member
    Oh, I think I see now: those rules below just do not work.
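The two rule layouts discussed in this thread, modelled as an added example (not written by any poster and not vendor code). It assumes the firewall evaluates rules top-down with the first match winning; the rule names, country code and private IPs are constructed, and `geo_first` is one reading of the layout described in the question.

```python
from typing import NamedTuple, Optional

ANY = None  # wildcard for a rule field

class Rule(NamedTuple):
    name: str
    countries: Optional[frozenset]  # source countries (GEO object), ANY = all
    dst: Optional[str]              # destination private IP, ANY = all
    service: Optional[tuple]        # (protocol, port), ANY = all
    action: str                     # "allow" or "deny"

def covers(e, countries, dst, service):
    """True if rule e matches everything described by the three fields."""
    return ((e.countries is ANY or (countries is not ANY and countries <= e.countries))
            and (e.dst is ANY or e.dst == dst)
            and (e.service is ANY or e.service == service))

def evaluate(rules, country, dst, service):
    """First matching rule wins (assumed top-down evaluation); default deny."""
    for r in rules:
        if covers(r, frozenset({country}), dst, service):
            return r.action, r.name
    return "deny", "default"

def shadowed(rules):
    """Rules that can never fire because an earlier rule covers them entirely."""
    return [r.name for i, r in enumerate(rules)
            if any(covers(e, r.countries, r.dst, r.service) for e in rules[:i])]

# Constructed sample values: allowed country set and two private server IPs.
HOME = frozenset({"NL"})
S1, S2 = "192.168.1.10", "192.168.1.20"

# Layout as described in the question: GEO allow, GEO block all, then services.
geo_first = [
    Rule("geo-allow", HOME, ANY, ANY, "allow"),
    Rule("geo-block-all", ANY, ANY, ANY, "deny"),
    Rule("srv1-http", ANY, S1, ("tcp", 80), "allow"),
    Rule("srv2-https", ANY, S2, ("tcp", 443), "allow"),
]
# Layout from the answer: one rule per server and service, allowed sources only.
per_service = [
    Rule("srv1-http", HOME, S1, ("tcp", 80), "allow"),
    Rule("srv2-https", HOME, S2, ("tcp", 443), "allow"),
    Rule("block-rest", ANY, ANY, ANY, "deny"),
]

if __name__ == "__main__":
    print("shadowed in geo_first:", shadowed(geo_first))
    print("NL -> S1 tcp/22:", evaluate(geo_first, "NL", S1, ("tcp", 22)),
          "vs", evaluate(per_service, "NL", S1, ("tcp", 22)))
```

In the first layout the per-service rules are never reached, and any service forwarded to a server is open to the allowed countries; in the second, only the intended server and port pairs are.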
