Why Does NAT Work

foreverlearning Member Posts: 42
Even though there is an ACL to block incoming traffic from the external interface?
I configure ip nat out on the external interface.
I also configure an ACL to prevent traffic coming in that external interface.
Users can go to the internet, which means NAT is working.
Why?

A diagram to explain this will be much appreciated. 

Comments

  • powerfool Member Posts: 1,666
    You're blocking inbound traffic, not outbound traffic.  If you want to block outbound traffic, then block outbound traffic.
    2024 Renew: [ ] AZ-204 [ ] AZ-305 [ ] AZ-400 [ ] AZ-500 [ ] Vault Assoc.
    2024 New: [X] AWS SAP [ ] CKA [ ] Terraform Auth/Ops Pro
  • foreverlearning Member Posts: 42
    I understand what you mean.
    But the traffic has to come in from outside to inside for NAT, right?
    NAT takes precedence over ACL?
  • powerfool Member Posts: 1,666
    It has nothing to do with NAT.  You can have a firewall in place with ACLs and not use NAT if you have public IP addresses for everyone.  NAT doesn't play into the scenario.  The firewall understands traffic flows, because it is stateful.  If you permit internal Computer A to reach Internet service B, you are allowing an outbound flow.  That outbound flow does not get checked by inbound ACLs.  The connection was established in an outbound way and would have been impacted by outbound ACLs.
  • JDMurray Admin Posts: 13,028
    NAT and NACLs do two different things; both capabilities can exist in routers, Layer 3 switches, and firewalls.
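
The stateful behaviour described in the replies above, as an added example that is not part of the original thread: a toy Python model (class and function names are hypothetical) of an edge device whose inbound ACL on the outside interface denies everything, run once with connection tracking and once as a stateless filter for contrast. It assumes public addressing with no NAT, as in the reply's scenario, and uses constructed sample packets.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"

class EdgeFirewall:
    """Toy edge device: the inbound ACL on the outside interface is deny-all."""

    def __init__(self, stateful: bool):
        self.stateful = stateful
        self.flows = set()  # connection table: flows opened from the inside

    def outbound(self, pkt: Packet) -> str:
        # No outbound ACL is configured, so inside hosts may open connections.
        if self.stateful:
            # Store the 5-tuple as the reply will carry it (src/dst swapped).
            self.flows.add((pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport))
        return "permit"

    def inbound(self, pkt: Packet) -> str:
        key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if self.stateful and key in self.flows:
            return "permit (reply to tracked outbound flow)"
        # Anything not matching a tracked flow hits the inbound ACL: deny all.
        return "deny (inbound ACL)"

def run(stateful: bool) -> dict:
    fw = EdgeFirewall(stateful)
    # Constructed sample traffic; addresses are RFC 5737 documentation ranges.
    request = Packet("192.0.2.10", 51000, "198.51.100.80", 443)
    reply = Packet("198.51.100.80", 443, "192.0.2.10", 51000)
    unsolicited = Packet("203.0.113.5", 40000, "192.0.2.10", 22)
    return {
        "request": fw.outbound(request),
        "reply": fw.inbound(reply),
        "unsolicited": fw.inbound(unsolicited),
    }

if __name__ == "__main__":
    for mode in (True, False):
        print("stateful" if mode else "stateless", run(mode))
```

With connection tracking the reply is admitted and the unsolicited packet is dropped; without it, both hit the deny-all inbound ACL.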