Why Does NAT Work
foreverlearning
Member Posts: 42
in CCNA & CCENT
Even though there is an ACL To Block Incoming Traffic from the external interface?
I configure ip nat out on the external interface.
I also configure an ACL to prevent traffic coming in on that external interface.
Users can go to the internet, which means NAT is working.
Why?
A diagram to explain this would be much appreciated.
Comments
-
powerfool Member Posts: 1,666
You're blocking inbound traffic, not outbound traffic. If you want to block outbound traffic, then block outbound traffic.
2024 Renew: [ ] AZ-204 [ ] AZ-305 [ ] AZ-400 [ ] AZ-500 [ ] Vault Assoc.
2024 New: [X] AWS SAP [ ] CKA [ ] Terraform Auth/Ops Pro
-
foreverlearning Member Posts: 42
I understand what you mean.
But the traffic has to come in from outside to inside for NAT, right?
NAT takes precedence over ACL?
-
powerfool Member Posts: 1,666
It has nothing to do with NAT. You can have a firewall in place with ACLs and not use NAT if you have public IP addresses for everyone. NAT doesn't play into the scenario. The firewall understands traffic flows, because it is stateful. If you permit internal Computer A to reach Internet service B, you are allowing an outbound flow. That outbound flow does not get checked by inbound ACLs. The connection was established in an outbound way and would have been impacted by outbound ACLs.
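
The stateful behaviour described in the last reply, as an added example that is not part of the original thread and not any vendor's implementation: a toy Python model in which outbound flows create state and the inbound ACL is consulted only for packets that match no existing flow. The class, addresses and port numbers are constructed for illustration, and the model assumes a stateful device as that reply does; a filter that judges each packet independently keeps no such table.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

class StatefulNatFirewall:
    """Toy model (hypothetical): state table plus port address translation."""

    def __init__(self, public_ip, inbound_acl_permits=lambda pkt: False):
        self.public_ip = public_ip
        self.inbound_acl_permits = inbound_acl_permits  # default: deny all inbound
        # (proto, public_port, remote_ip, remote_port) -> (inside_ip, inside_port)
        self.flows = {}
        self.next_port = 40000  # constructed start of the translation port pool

    def outbound(self, pkt):
        """Inside -> outside: rewrite the source and record the flow."""
        public_port = self.next_port
        self.next_port += 1
        self.flows[(pkt.proto, public_port, pkt.dst, pkt.dport)] = (pkt.src, pkt.sport)
        return Packet(pkt.proto, self.public_ip, public_port, pkt.dst, pkt.dport)

    def inbound(self, pkt):
        """Outside -> inside: return (verdict, packet delivered inside or None)."""
        inside = self.flows.get((pkt.proto, pkt.dport, pkt.src, pkt.sport))
        if inside is not None:
            # Reply to a flow opened from inside: matched by state, ACL not consulted.
            return "permit-established", Packet(pkt.proto, pkt.src, pkt.sport, *inside)
        if self.inbound_acl_permits(pkt):
            return "permit-acl", pkt
        return "deny-acl", None  # new inbound flow, blocked by the inbound ACL

def demo():
    """Constructed traffic: one outbound connection, its reply, one unsolicited packet."""
    fw = StatefulNatFirewall("203.0.113.10")
    out = fw.outbound(Packet("tcp", "192.168.1.20", 51000, "198.51.100.80", 443))
    reply = fw.inbound(Packet("tcp", "198.51.100.80", 443, out.src, out.sport))
    unsolicited = fw.inbound(Packet("tcp", "198.51.100.99", 4444, out.src, out.sport))
    return out, reply, unsolicited

if __name__ == "__main__":
    for item in demo():
        print(item)
```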