Organize NAT rules with IP filter rules

While network address translation (NAT) and IP filtering work independently of each other, you can use NAT in conjunction with IP filtering.

If you choose to apply only NAT rules, your system will only perform address translation. Similarly, if you choose to apply only IP filter rules, your system will only filter IP traffic. However, if you apply both types of rules, your system will both translate addresses and filter traffic. When you use NAT and filtering together, the rules are processed in a specific order. For inbound traffic, NAT rules are processed first. For outbound traffic, filter rules are processed first.
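The processing order has a practical consequence: in both directions the filter evaluates the internal (untranslated) address, so filter rules written against the public address never match. The Python model below is an added example, not IBM code or packet rule syntax; the addresses, the rule tuples and the first-match, default-deny filter are constructed assumptions.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int

# Constructed static NAT mapping: internal address -> public address.
NAT_MAP = {"10.1.1.5": "203.0.113.5"}
REVERSE_MAP = {pub: priv for priv, pub in NAT_MAP.items()}

def permitted(pkt, rules):
    """First-match permit list with default deny (a modelling assumption).
    Each rule is (source network, destination network, port or None for any)."""
    for src_net, dst_net, dport in rules:
        if (ip_address(pkt.src) in ip_network(src_net)
                and ip_address(pkt.dst) in ip_network(dst_net)
                and dport in (None, pkt.dport)):
            return True
    return False

def process(pkt, direction, rules):
    """Return the packet as it leaves the rule engine, or None if filtered."""
    if direction == "inbound":
        # Inbound: NAT first, so the filter sees the translated destination.
        pkt = replace(pkt, dst=REVERSE_MAP.get(pkt.dst, pkt.dst))
        return pkt if permitted(pkt, rules) else None
    # Outbound: filter first, so the filter sees the untranslated source.
    if not permitted(pkt, rules):
        return None
    return replace(pkt, src=NAT_MAP.get(pkt.src, pkt.src))

# Filter rules written against the internal address ...
RULES_INTERNAL = [("0.0.0.0/0", "10.1.1.5/32", 443), ("10.1.1.5/32", "0.0.0.0/0", None)]
# ... and the same intent written (incorrectly) against the public address.
RULES_PUBLIC = [("0.0.0.0/0", "203.0.113.5/32", 443), ("203.0.113.5/32", "0.0.0.0/0", None)]

INBOUND = Packet("198.51.100.7", "203.0.113.5", 443)   # constructed client -> public address
OUTBOUND = Packet("10.1.1.5", "198.51.100.7", 443)     # constructed internal host -> client

if __name__ == "__main__":
    for name, rules in (("internal", RULES_INTERNAL), ("public", RULES_PUBLIC)):
        print(name, process(INBOUND, "inbound", rules), process(OUTBOUND, "outbound", rules))
```
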

You might want to consider using separate files to create your NAT and filter rules. Although this is not necessary, it will make your filter rules easier to read and troubleshoot. Either way (separate or together), you will receive the same errors. If you decide to use separate files for your NAT and filter rules, you can still activate both sets of rules. However, you should make sure that your rules do not interfere with one another.

To activate both NAT and filtering rules at the same time, you need to use the include feature. For example, suppose you created File A for filter rules and File B for NAT rules. You can include the contents of File B in File A without rewriting all of your rules.

Related tasks
Include files in packet rules