NAT RULE 0

Can we choose a different color for traffic processed by NAT RULE 0? I have a firewall rule ALLOW ANY ANY and a NAT rule NAT LAN to WAN. If I disable the NAT rule, the traffic stops flowing as expected, but my firewall logs are still green and show traffic as allowed. It is technically correct that my traffic is allowed due to the firewall rule, but I am not getting anywhere due to NAT rule zero, so a little hint in the logs would be nice.

Also, the NAT rules don't stop passing traffic immediately if disabled, unlike firewall rules, probably due to conntrack entries, so some clarity in the logs would be appreciated. (Try ping 8.8.8.8 and disable the NAT rule; your ping will continue.)

Regards

  • Hi Billybob,

    That would be nice, but I have some customers that do have some un-NATed routes via the WAN link; this would then interfere with the logging of those. There is already a column for whether it is NATed or not?

    I can imagine that the reason why it continues is solely because of the conntrack entry and waits for it to time out. I dislike this behaviour as it has caused me problems in the past.

    Emile
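
Added example, not part of either post and not vendor code: a sketch of how to see which established flows are still being source-NATed after a NAT rule is disabled, and how long each entry has left before it times out. It assumes the firewall uses Linux netfilter connection tracking and that its state table can be dumped in the `conntrack -L` format of conntrack-tools; the sample lines, addresses and function names are constructed for illustration.

```python
import re

# Constructed sample in the format printed by `conntrack -L` (conntrack-tools).
# 192.168.1.10 is a LAN host and 203.0.113.5 the firewall's WAN address (made up).
# The third flow is an un-NATed route: its reply goes back to the original source.
SAMPLE = """\
icmp     1 29 src=192.168.1.10 dst=8.8.8.8 type=8 code=0 id=4242 src=8.8.8.8 dst=203.0.113.5 type=0 code=0 id=4242 mark=0 use=1
tcp      6 431999 ESTABLISHED src=192.168.1.10 dst=198.51.100.7 sport=51514 dport=443 src=198.51.100.7 dst=203.0.113.5 sport=443 dport=51514 [ASSURED] mark=0 use=1
udp      17 25 src=10.20.0.5 dst=198.51.100.9 sport=40000 dport=53 src=198.51.100.9 dst=10.20.0.5 sport=53 dport=40000 mark=0 use=1
"""

ADDR = re.compile(r"\b(?:src|dst)=(\S+)")


def nat_flows(text):
    """Parse conntrack entries and mark which ones carry a translation.

    Each entry lists the original tuple first and the expected reply tuple
    second. If the reply is addressed to something other than the original
    source, the flow is source-NATed; if the reply comes from something other
    than the original destination, it is destination-NATed.
    """
    flows = []
    for line in text.splitlines():
        parts = line.split()
        addrs = ADDR.findall(line)
        if len(parts) < 3 or not parts[2].isdigit() or len(addrs) < 4:
            continue  # not a conntrack entry line
        o_src, o_dst, r_src, r_dst = addrs[:4]
        flows.append({
            "proto": parts[0],
            "timeout": int(parts[2]),  # seconds until the entry expires
            "orig": (o_src, o_dst),
            "snat_to": r_dst if r_dst != o_src else None,
            "dnat_to": r_src if r_src != o_dst else None,
        })
    return flows


def lingering_snat(text):
    """Flows that keep being source-NATed until their entry expires."""
    return [f for f in nat_flows(text) if f["snat_to"]]


if __name__ == "__main__":
    for f in lingering_snat(SAMPLE):
        print(f"{f['proto']:5} {f['orig'][0]} -> {f['orig'][1]} "
              f"SNAT to {f['snat_to']}, expires in {f['timeout']}s")
```

A running ping refreshes its entry's timeout with every echo, so the countdown only runs to zero once the traffic stops or the entry is deleted.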
