Help: Network Objects |
Introduction |
Enter all of your network objects here. For example, make sure that
all of your internal networks are defined. If there are external
hosts or networks that you need to define rules for, add them here.
|
What is a Network Object? |
A network object is something that you want to apply a firewall rule
to. This could be:
|
Object Name |
You can give your objects any name you want. There are a number of
pre-defined objects; do not give your objects a name
that is already taken by one of those.
One common strategy is to name your networks with the suffix _NET or _net so they are easier to find.
|
Network Address |
You need to specify the network address of the network object. This
will be one of the following:
|
Network Mask |
You need to specify the network mask of the network object. This
will be one of the following:
|
Masquerade? |
If a network is behind your firewall, and you want to allow access from
that network to the internet through the single (assigned by an ISP) address
of the firewall using address translation, then you need to masquerade that
network.
For example, in a simple network environment where you have a LAN and this firewall is the gateway to the internet, you need to masquerade the network object for that LAN. If the network object is a remote host or network, then you probably should NOT masquerade it. You MUST masquerade a network object that is to be the target of any port forwarding.
Traffic between masqueraded networks (e.g. between one network object that is masqueraded and another that is also masqueraded) will not be masqueraded by the firewall. This means that if you have a remote network that you need to access from your network using the natural, un-masqueraded IP addresses, then you could either masquerade both networks or neither network. |
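The masquerade rules above, modelled as an added example (this is not code from the firewall tool itself): it decides whether a flow between two addresses has its source address translated. The object names, the addresses and the most-specific-match lookup are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class NetworkObject:
    name: str
    network: ipaddress.IPv4Network
    masquerade: bool

def make_object(name, address, mask, masquerade):
    # Built from the form fields: Object Name, Network Address, Network Mask, Masquerade?
    return NetworkObject(name, ipaddress.IPv4Network(f"{address}/{mask}"), masquerade)

def owner(objects, ip):
    # Assumption: the most specific object containing the address wins.
    # None means the address is in no defined object (e.g. an internet host).
    addr = ipaddress.IPv4Address(ip)
    matches = [o for o in objects if addr in o.network]
    return max(matches, key=lambda o: o.network.prefixlen, default=None)

def is_translated(objects, src_ip, dst_ip):
    """True if the firewall rewrites the source address of this flow."""
    src, dst = owner(objects, src_ip), owner(objects, dst_ip)
    if src is None or not src.masquerade:
        return False          # only masqueraded networks are ever translated
    if dst is not None and dst.masquerade:
        return False          # masqueraded-to-masqueraded traffic is left alone
    return True

def scenario(lan_masq, remote_masq):
    # Constructed sample objects; names and addresses are illustrative only.
    objects = [
        make_object("LAN_NET", "192.168.1.0", "255.255.255.0", lan_masq),
        make_object("BRANCH_NET", "10.20.0.0", "255.255.0.0", remote_masq),
    ]
    return {
        "lan_to_internet": is_translated(objects, "192.168.1.25", "203.0.113.10"),
        "lan_to_branch": is_translated(objects, "192.168.1.25", "10.20.3.4"),
        "branch_to_lan": is_translated(objects, "10.20.3.4", "192.168.1.25"),
    }

if __name__ == "__main__":
    for flags in [(True, False), (True, True), (False, False)]:
        print(flags, scenario(*flags))
```

With only LAN_NET masqueraded, traffic to BRANCH_NET is translated, so the remote side does not see the natural LAN addresses; setting both flags or neither leaves that traffic untranslated.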