Why Does NAT Work

foreverlearning · October 2021

Even though there is an ACL To Block Incoming Traffic from the external interface?
I configure ip nat out on the external interface.
I also configure acl to prevent traffic coming in that external interface.
Users can goto internet which means NAT is working.
Why?

A diagram to explain this will be much appreciated.

powerfool · October 2021

You're blocking inbound traffic, not outbound traffic. If you want to block outbound traffic, then block outbound traffic.

foreverlearning · November 2021

I understand what you meet.
But the traffic has to come in from outside to inside for NAT right?
NAT takes precedence over ACL?

powerfool · November 2021

It has nothing to do with NAT. You can have a firewall in place with ACLs and not use NAT if you have public IP addresses for everyone. NAT doesn't play into the scenario. The firewall understands traffic flows, because it is stateful. If you permit internal Computer A to reach Internet service B, you are allowing an outbound flow. That outbound flow does not get checked by inbound ACLs. The connection was established in an outbound way and would have been impacted by outbound ACLs.

JDMurray · November 2021

NAT and NACLs do two different things; both capabilities can exist in routers, Layer 3 switches, and firewalls.

Why Does NAT Work

Comments