Got myself a 2850n - and have set up a NAT to go to one of my internal computers. I have also set up a firewall to prevent anyone external except a certain ip address from accessing this computer.

I *thought* that the firewall rule would kick in before the NAT rule, ie

check all the rules, if everything ok, then check NAT tables

however, it seems to be the other way around, as I turned off the firewall rule, and the NAT still worked.

Can anyone confirm this ?

thanks

*bump*

anyone ?

I *bump*. and then figure it out. Of course ;)

What I was missing was another rule after the allowed rule that blocked everybody else. I made the assumption that the absence of a rule would block by default.

Hi jmls

My understanding is that it starts from the logic in the default rule (either a pass or block), then applies the filter sets in the order you have set the 'next' numbers.

I missed the setting 'next' for a long while and then had to draw it out many times before I got mine to work as I wanted.

The Firewall is inside the NAT; if you have a server in a DMZ, for instance, the firewall rules for it must be written using the internal address, not the external one.

Paul