Network Address Translation (Nat) - Secure Computing SG300 User Manual

Log Prefix specifies the text to be placed at the start of the log message. This can be
used to make it easier to identify which rules are being matched when inspecting the
system log.
Custom firewall rules
The Custom Firewall Rules and Custom IPv6 Firewall Rules tabs allow firewall
experts to view the current firewall rules and add custom iptables firewall rules.
Note
Only experts on firewalls and iptables are able to add effective custom firewall rules
(further reading can be found at http://www.netfilter.org/documentation/).
Configuring the SnapGear unit's firewall via the Incoming Access and Outgoing
Access and Packet Filtering configuration pages is adequate for most applications.
Refer to Appendix C – System Log for details on creating custom log rules using iptables.

Network Address Translation (NAT)

Network address translation (NAT) modifies the IP address and/or port of traffic
traversing the SnapGear unit. The SnapGear unit supports several types of network
address translation.
The most common of these is Port Forwarding (also known as port address translation,
PAT or destination NAT , DNAT). This is typically used to alter the destination address
(and possibly port) of matched packets arriving on the SnapGear unit Internet interface to
the address of a host on the LAN. This is the most common way for internal,
masqueraded servers to offer services to the outside world.
Source NAT rules are useful for masquerading one or more IP addresses behind a
single other IP address. This is the type of NAT used by the SnapGear unit to
masquerade your private network behind its public IP address.
To a server on the Internet, requests originating from the hosts behind a masqueraded
interface appear to originate from the SnapGear unit, as matched packets have their
source address altered. You may enable or disable source NAT between interfaces
under Masquerading, and fine tune source NAT rules under Source NAT.
Firewall
148