60 lines
4.2 KiB
HTML
60 lines
4.2 KiB
HTML
|
<?xml version="1.0" encoding="UTF-8"?>
|
||
|
<!DOCTYPE html
|
||
|
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||
|
<html lang="en-us" xml:lang="en-us">
|
||
|
<head>
|
||
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
||
|
<meta name="security" content="public" />
|
||
|
<meta name="Robots" content="index,follow" />
|
||
|
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
|
||
|
<meta name="DC.Type" content="concept" />
|
||
|
<meta name="DC.Title" content="Organize NAT rules with IP filter rules" />
|
||
|
<meta name="abstract" content="While network address translation (NAT) and IP filtering work independently of each other, you can use NAT in conjunction with IP filtering." />
|
||
|
<meta name="description" content="While network address translation (NAT) and IP filtering work independently of each other, you can use NAT in conjunction with IP filtering." />
|
||
|
<meta name="DC.Relation" scheme="URI" content="rzajbrzajb1whatis.htm" />
|
||
|
<meta name="DC.Relation" scheme="URI" content="rzajbrzajb88includessd.htm" />
|
||
|
<meta name="copyright" content="(C) Copyright IBM Corporation 2000, 2006" />
|
||
|
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2000, 2006" />
|
||
|
<meta name="DC.Format" content="XHTML" />
|
||
|
<meta name="DC.Identifier" content="rzajbof-files" />
|
||
|
<meta name="DC.Language" content="en-us" />
|
||
|
<!-- All rights reserved. Licensed Materials Property of IBM -->
|
||
|
<!-- US Government Users Restricted Rights -->
|
||
|
<!-- Use, duplication or disclosure restricted by -->
|
||
|
<!-- GSA ADP Schedule Contract with IBM Corp. -->
|
||
|
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
|
||
|
<link rel="stylesheet" type="text/css" href="./ic.css" />
|
||
|
<title>Organize NAT rules with IP filter rules</title>
|
||
|
</head>
|
||
|
<body id="rzajbof-files"><a name="rzajbof-files"><!-- --></a>
|
||
|
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
|
||
|
<h1 class="topictitle1">Organize NAT rules with IP filter rules</h1>
|
||
|
<div><p>While network address translation (NAT) and IP filtering work independently
|
||
|
of each other, you can use NAT in conjunction with IP filtering.</p>
|
||
|
<p>If you choose to apply only NAT rules, your system will only perform address
|
||
|
translation. Similarly, if you choose to apply only IP filter rules, your
|
||
|
system will only filter IP traffic. However, if you apply both types of rules,
|
||
|
your system will translate and filter addresses. When you use NAT and filtering
|
||
|
together, the rules occur in a specific order. For inbound traffic, NAT rules
|
||
|
process first. For outbound traffic, filter rules process first.</p>
|
||
|
<p>You might want to consider using separate files to create your NAT and
|
||
|
filter rules. Although this is not necessary, it will make your filter rules
|
||
|
easier to read and troubleshoot. Either way (separate or together), you will
|
||
|
receive the same errors. If you decide to use separate files for your NAT
|
||
|
and filter rules, you can still activate both sets of rules. However, you
|
||
|
should make sure that your rules do not interfere with one another.</p>
|
||
|
<p>To activate both NAT and filtering rules at the same time, you need to
|
||
|
use the <em>include</em> feature. For example, you created File A for filter
|
||
|
rules and File B for NAT rules. You can include the contents of File B into
|
||
|
File A without rewriting all of your rules. </p>
|
||
|
</div>
|
||
|
<div>
|
||
|
<div class="familylinks">
|
||
|
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzajbrzajb1whatis.htm" title="Packet rules comprise both network address translation (NAT) rules and IP filtering rules. These two functions run at the IP layer of the TCP/IP stack and help protect your system against potential risks that are commonly associated with TCP/IP traffic.">Packet rules concepts</a></div>
|
||
|
</div>
|
||
|
<div class="reltasks"><strong>Related tasks</strong><br />
|
||
|
<div><a href="rzajbrzajb88includessd.htm" title="You can activate more than one packet rules file on your system by using the Include feature of the Packet Rules Editor.">Include files in packet rules</a></div>
|
||
|
</div>
|
||
|
</div>
|
||
|
</body>
|
||
|
</html>
|