ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzajb_5.4.0.1/rzajbrzajboffiles.htm

60 lines
4.2 KiB
HTML

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Organize NAT rules with IP filter rules" />
<meta name="abstract" content="While network address translation (NAT) and IP filtering work independently of each other, you can use NAT in conjunction with IP filtering." />
<meta name="description" content="While network address translation (NAT) and IP filtering work independently of each other, you can use NAT in conjunction with IP filtering." />
<meta name="DC.Relation" scheme="URI" content="rzajbrzajb1whatis.htm" />
<meta name="DC.Relation" scheme="URI" content="rzajbrzajb88includessd.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2000, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2000, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzajbof-files" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Organize NAT rules with IP filter rules</title>
</head>
<body id="rzajbof-files"><a name="rzajbof-files"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Organize NAT rules with IP filter rules</h1>
<div><p>While network address translation (NAT) and IP filtering work independently
of each other, you can use NAT in conjunction with IP filtering.</p>
<p>If you choose to apply only NAT rules, your system will only perform address
translation. Similarly, if you choose to apply only IP filter rules, your
system will only filter IP traffic. However, if you apply both types of rules,
your system will translate and filter addresses. When you use NAT and filtering
together, the rules occur in a specific order. For inbound traffic, NAT rules
process first. For outbound traffic, filter rules process first.</p>
<p>You might want to consider using separate files to create your NAT and
filter rules. Although this is not necessary, it will make your filter rules
easier to read and troubleshoot. Either way (separate or together), you will
receive the same errors. If you decide to use separate files for your NAT
and filter rules, you can still activate both sets of rules. However, you
should make sure that your rules do not interfere with one another.</p>
<p>To activate both NAT and filtering rules at the same time, you need to
use the <em>include</em> feature. For example, you created File A for filter
rules and File B for NAT rules. You can include the contents of File B into
File A without rewriting all of your rules. </p>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzajbrzajb1whatis.htm" title="Packet rules comprise both network address translation (NAT) rules and IP filtering rules. These two functions run at the IP layer of the TCP/IP stack and help protect your system against potential risks that are commonly associated with TCP/IP traffic.">Packet rules concepts</a></div>
</div>
<div class="reltasks"><strong>Related tasks</strong><br />
<div><a href="rzajbrzajb88includessd.htm" title="You can activate more than one packet rules file on your system by using the Include feature of the Packet Rules Editor.">Include files in packet rules</a></div>
</div>
</div>
</body>
</html>