Source Address

The address from which the request originated (for

 

port forwarding you may specify this to restrict the

 

internal service to be only accessible from a specific

 

remote location)

Destination Address

The destination address of the request, this is the

 

address that will be altered

Destination Services

The destination service(s) (port(s)) of the request,

 

many public ports may be forwarded to a single

 

internal port

The next two fields describe how matching packets should be altered.

To Destination Address The address to replace the Destination Address (for port forwarding this will typically be the private address of an internal machine)

To Destination Service The address to replace Destination Services, this need not be the same as the Destination Service used to match the packet, but often will be

Generally leave Create a corresponding ACCEPT firewall rule checked unless you want to manually create a more restrictive filter rule through Rules.

Source NAT

Source NAT alters the source address and optionally the source port of packets received by the CyberGuard SG appliance. This is typically used for masquerading.

You can use the Source NAT functionality of Packet Filtering to tweak your CyberGuard SG appliance’s masquerading behaviour.

See the Advanced section of the chapter entitled Network Connections for information on configuring the basic masquerading (Source NAT) relationships between your CyberGuard SG appliance’s interfaces.

Enable

Uncheck to temporarily disable this rule

Descriptive Name

An arbitrary name for this rule

This rule will be applied to packets that match the critera described by the next four fields.

78

Firewall

Page 82
Image 82
SnapGear 2.0.1 user manual Source NAT, Source Address, Destination Address, Destination Services