NAT (Network Address Translation) Rules and Masquerading

4.1. Overview

With the new 2.4.x kernel and iptables, NAT and masquerading are handled by the Netfilter module in the kernel. With these rules we can rewrite the source and destination addresses of a connection, which is useful when we want to redirect all the traffic destined for host 'X' to another host 'Y'.

If, for example, our provider assigned us some public addresses but our web server sits in a DMZ with a private address, to make this server reachable from outside we need to set a NAT rule that redirects all connections destined for the public address we chose for our web server to its real private address. The client that establishes the connection will not notice anything and will believe it is communicating with a web server whose IP address is public.

Masquerading is a particular case of NAT, applied when we want connections between two zones to appear, to the destination zone, as if they came from our firewall. Masquerading is commonly used for connections towards the Internet: we don't want our internal hosts to be identifiable by Internet hosts, so we tell our firewall to masquerade all communications toward the outside. The connections will appear, to Internet hosts, to come from our firewall.
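The two cases above, as an added example of the iptables rules Netfilter ends up with (this is not Turtle Firewall's own code; the interface names, addresses and port are assumed):

```shell
#!/bin/sh
# Added example, not Turtle Firewall's code. Assumed layout:
#   eth0 = external interface, 203.0.113.10 = public address chosen for the web server
#   eth1 = DMZ interface,      10.0.1.80     = the web server's real private address
#   eth2 = internal LAN,       192.168.1.0/24 = internal hosts to be masqueraded
# IPTABLES defaults to the real binary; set IPTABLES=echo to preview rules
# without applying them (what preview_rules does below).
IPTABLES="${IPTABLES:-iptables}"

# Case 1: redirect connections for the public address to the DMZ web server (DNAT).
# Only the destination is rewritten, and only for the published port, so the
# private host is exposed for that one service rather than everything it runs.
publish_dmz_host() {
    ext_if="$1"; pub_ip="$2"; dmz_if="$3"; real_ip="$4"; port="$5"
    "$IPTABLES" -t nat -A PREROUTING -i "$ext_if" -d "$pub_ip" -p tcp --dport "$port" \
        -j DNAT --to-destination "$real_ip:$port"
    # DNAT runs before FORWARD, so the FORWARD rule must match the rewritten
    # (private) destination, not the public address. On 2.4-era iptables the
    # equivalent of "-m conntrack --ctstate" is "-m state --state".
    "$IPTABLES" -A FORWARD -i "$ext_if" -o "$dmz_if" -d "$real_ip" -p tcp --dport "$port" \
        -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
}

# Case 2: hide the internal network behind the firewall's external address.
# MASQUERADE is tied to the outgoing interface, so it rewrites only traffic that
# leaves towards the Internet, never traffic between internal zones.
masquerade_internal() {
    ext_if="$1"; lan_if="$2"; lan_net="$3"
    "$IPTABLES" -t nat -A POSTROUTING -s "$lan_net" -o "$ext_if" -j MASQUERADE
    "$IPTABLES" -A FORWARD -i "$lan_if" -o "$ext_if" -s "$lan_net" -j ACCEPT
    # Replies arrive at the firewall's address and are de-masqueraded by the
    # connection tracker; allow only those, so nothing outside can open
    # connections into the LAN through this path.
    "$IPTABLES" -A FORWARD -i "$ext_if" -o "$lan_if" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

# Print the complete rule set (5 lines) for review instead of applying it.
preview_rules() (
    IPTABLES=echo
    publish_dmz_host eth0 203.0.113.10 eth1 10.0.1.80 80
    masquerade_internal eth0 eth2 192.168.1.0/24
)
```

Run `preview_rules` to see the rules first; call the two functions with the real `IPTABLES` only once the interfaces and addresses match your setup.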

To view the list of NAT and masquerading rules, click the "NAT and Masquerading" icon in the main menu of the Turtle Firewall module.