Filter Types and NAT
There are two classes of filter rules: generic filter (device) rules and protocol
filter (TCP/IP) rules. Generic filter rules act on the raw data passing
between the LAN and the WAN. Protocol filter rules act on IP packets. Generic and
TCP/IP filter rules are discussed in more detail in the next section. When NAT
(Network Address Translation) is enabled, the inside IP address and port number
are replaced on a connection-by-connection basis, which makes it impossible to
know the exact address and port on the wire. Therefore, the Business Secure
Router applies the protocol filters to the native IP address and port number before
NAT for outgoing packets and after NAT for incoming packets. On the other
hand, the generic, or device, filters are applied to the raw packets that appear on
the wire. They are applied at the point when the Business Secure Router is
receiving and sending the packets; for example, the interface. The interface can be
an Ethernet port or any other hardware port, as illustrated in Figure 71.
Figure 71 Protocol and Device Filter Sets
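The filter ordering described above, modeled in a short Python sketch (an added example, not code from the manual or from the Business Secure Router). The addresses, ports and all names are constructed, and the NAT is a simplified many-to-one port translation assumed for illustration.

```python
# Added illustration: a toy model of where each filter class sits relative to NAT.
# All addresses, ports and names are constructed for this example.
from collections import namedtuple

WAN_IP = "203.0.113.5"        # constructed public address of the router
INSIDE_HOST = "192.168.1.10"  # constructed LAN host
Packet = namedtuple("Packet", "src sport dst dport")

class Nat:
    """Per-connection port translation (assumed many-to-one NAT)."""
    def __init__(self):
        self.out, self.back, self.next_port = {}, {}, 40000

    def translate_out(self, p):
        key = (p.src, p.sport)
        if key not in self.out:              # new connection: allocate a WAN port
            self.out[key] = self.next_port
            self.back[self.next_port] = key
            self.next_port += 1
        return p._replace(src=WAN_IP, sport=self.out[key])

    def translate_in(self, p):
        # Toy model: a packet with no existing mapping raises KeyError.
        host, port = self.back[p.dport]
        return p._replace(dst=host, dport=port)

def mentions_inside_host(p):
    """A rule keyed to the inside host's native address."""
    return INSIDE_HOST in (p.src, p.dst)

def reply(p):
    """The remote server's answer to a packet seen on the wire."""
    return Packet(p.dst, p.dport, p.src, p.sport)

def trace(nat, outgoing):
    """Report whether the rule matches at each filter point, per direction."""
    wire_out = nat.translate_out(outgoing)   # protocol filter ran before this
    wire_in = reply(wire_out)                # addressed to the WAN side
    native_in = nat.translate_in(wire_in)    # protocol filter runs after this
    return {
        "protocol_out": mentions_inside_host(outgoing),
        "device_out": mentions_inside_host(wire_out),
        "device_in": mentions_inside_host(wire_in),
        "protocol_in": mentions_inside_host(native_in),
    }

RESULT = trace(Nat(), Packet(INSIDE_HOST, 5000, "198.51.100.7", 80))
```

In this model a rule written against the inside host matches at both protocol filter points but at neither device filter point, because the wire only ever carries the translated address and port.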
Firewall Versus Filters
Firewall configuration is discussed in Chapter 10, "Introducing the firewall," on
page 133 of this manual. Further comparisons are also made between
filtering, NAT and the firewall.
Nortel Business Secure Router 222 Configuration — Advanced
Chapter 11 Filter configuration 151