Mikrotik
Vladislav, 2015-03-27 04:15:09

Setting up traffic filtering in a corporate network - NAT vs FIREWALL, which is better?

Actually the question is the following, what is the best way to filter traffic from / to the corporate local area network?
Options:
1. firewall (hard setting for ports, protocols and ip) + nat (forwarding all traffic to ip)
2. firewall (configured only for traffic coming from the WAN to the router itself, traffic to the local network is not blocked) + nat (hard forwarding by ports, protocols and ip)
3. firewall (hard setting by ports, protocols and ip) + nat (hard forwarding by ports, protocols and ip)
Rule example:
chain=forward in-interface=wan out-interface=lan action=accept protocol=tcp dst-address=192.168.0.15 dst-port=25 log=no log-prefix=""
chain=dstnat action=dst-nat to-addresses=192.168.0.15 protocol=tcp dst-address=1.1.1.1 in-interface=wan port=25 log=no log-prefix=""
Actually, at what level is it better to filter most of traffic going to the local network NAT or FIREWALL?


2 answer(s)
Cool Admin, 2015-03-27
@Navy9

As the context suggests, you need to filter in the filter, you need to broadcast traffic in the broadcast. Dot.

Sergey, 2015-03-27
@edinorog

0_o Well this is how much you had to drink to ask such a question. And since when did NAT filter traffic in general?
NAT (from the English Network Address Translation - “network address translation”) is a mechanism in TCP/IP networks that allows you to translate the IP addresses of transit packets.
----------
Firewall - a set of hardware or software that controls and filters network packets passing through it in accordance with specified rules.
The main task of a firewall is to protect computer networks or individual nodes from unauthorized access. Also, firewalls are often called filters, since their main task is not to let through (filter) packets that do not meet the criteria defined in the configuration.
Some firewalls also allow address translation, which is the dynamic replacement of internal (gray) addresses or ports with external ones used outside the LAN.
I hope you do not have a higher education? And then your teacher should hang himself from grief.
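
The split both answers describe (NAT translates, the filter decides), written out as a RouterOS configuration. This is an added example, not part of the original thread; it reuses the interface names, addresses and port from the question, and the established/related, invalid and LAN-to-WAN rules are assumptions about the rest of the ruleset. The router's own input chain and outbound masquerade are not shown.

```routeros
# NAT table: only rewrites the destination address.
# It accepts nothing and drops nothing.
/ip firewall nat
add chain=dstnat in-interface=wan dst-address=1.1.1.1 protocol=tcp dst-port=25 \
    action=dst-nat to-addresses=192.168.0.15 comment="SMTP port forward"

# Filter table: this is where traffic is actually allowed or denied.
/ip firewall filter
# Assumption: replies to connections that were already permitted are accepted.
add chain=forward connection-state=established,related action=accept \
    comment="replies to permitted connections"
# Assumption: packets that belong to no tracked connection are dropped.
add chain=forward connection-state=invalid action=drop \
    comment="drop invalid"
# dstnat runs before the forward chain, so this rule matches the
# translated address 192.168.0.15, not the public address 1.1.1.1.
add chain=forward in-interface=wan out-interface=lan protocol=tcp \
    dst-address=192.168.0.15 dst-port=25 connection-state=new action=accept \
    comment="SMTP to the mail host"
# Assumption: hosts on the LAN may open connections to the outside.
add chain=forward in-interface=lan out-interface=wan action=accept \
    comment="LAN to WAN"
# Default deny: a packet not matched above never reaches the LAN,
# whether or not a dstnat rule exists for it.
add chain=forward action=drop comment="drop everything else"
```

With the final drop rule in place, removing or changing a dstnat entry can only narrow what is reachable; access is never granted by the NAT table alone.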
