- Kerio WinRoute Firewall Administrator's Guide

Chapter 6 Traffic Policy
Note: Use the Default option for the Protocol Inspector item if a particular service (see
the Service item) is used in the rule definition (the protocol inspector is included in the
service definition).
6.4 Basic Traffic Rule Types
WinRoute traffic policy provides a range of network traffic filtering options. In this chapter
you will find some rules used to manage standard configurations. Using these examples
you can easily create a set of rules for your network configuration.
IP Translation (NAT)
IP translation (also called Internet connection sharing) means replacing the private IP
address in a packet going out from the local network to the Internet with the IP address
of the Internet interface of the WinRoute host. This technology is used to connect local
private networks to the Internet through a single public IP address.
The following example shows an appropriate traffic rule:
Figure 6.22 A typical traffic rule for NAT (Internet connection sharing)
Source
Interface connected to the private local network.
If the network includes more than one segment and each segment is connected to
an individual interface, specify all the interfaces in the Source entry.
If the local network includes other routers, it is not necessary to specify all
interfaces (the interface which connects the network with the WinRoute host is
sufficient).
Destination
Interface connected to the Internet.
Service
This entry can be used to define global limitations for Internet access. If particular
services are defined for IP translations, only these services will be used for the IP
translations and other Internet services will not be available from the local network.
Action
To validate a rule, one of the following three actions must be defined: Permit, Drop,
Deny.
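
The effect of the Source, Destination and Service entries can be modelled in a short Python sketch. This is an added illustration, not Kerio's implementation: the interface names, the documentation-range addresses, the port pool starting at 61000 and the use of port mapping to share one public address are assumptions.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass(frozen=True)
class Packet:
    in_iface: str    # interface the packet arrived on
    out_iface: str   # interface routing would send it out of
    proto: str
    src: tuple       # (ip, port)
    dst: tuple       # (ip, port)

@dataclass
class NatRule:
    sources: set                    # Source: interface(s) of the private network
    destination: str                # Destination: interface connected to the Internet
    public_ip: str                  # address of that Internet interface
    services: Optional[set] = None  # Service: None = any, else {(proto, dst_port)}
    table: dict = field(default_factory=dict)  # (proto, public_port) -> private (ip, port)
    next_port: int = 61000          # assumed start of the translation port pool

    def matches(self, p: Packet) -> bool:
        return (p.in_iface in self.sources and p.out_iface == self.destination
                and (self.services is None or (p.proto, p.dst[1]) in self.services))

    def outbound(self, p: Packet) -> Optional[Packet]:
        """Translate a matching packet; None means no rule matched (not forwarded)."""
        if not self.matches(p):
            return None
        key = next((k for k, v in self.table.items()
                    if k[0] == p.proto and v == p.src), None)
        if key is None:                       # first packet of this flow
            key = (p.proto, self.next_port)
            self.next_port += 1
            self.table[key] = p.src
        return Packet(p.in_iface, p.out_iface, p.proto, (self.public_ip, key[1]), p.dst)

    def inbound(self, proto: str, public_port: int) -> Optional[tuple]:
        """Private endpoint for a reply to the public IP, or None if unsolicited."""
        return self.table.get((proto, public_port))

if __name__ == "__main__":
    # Constructed sample: all addresses come from documentation ranges.
    rule = NatRule({"LAN"}, "Internet", "203.0.113.10", services={("tcp", 80), ("tcp", 443)})
    web = Packet("LAN", "Internet", "tcp", ("192.168.1.20", 50000), ("198.51.100.7", 443))
    ssh = Packet("LAN", "Internet", "tcp", ("192.168.1.20", 50001), ("198.51.100.7", 22))
    print(rule.outbound(web))          # source rewritten to the public address
    print(rule.outbound(ssh))          # None: service not listed in the rule
    print(rule.inbound("tcp", 61000))  # reply mapped back to the private host
    print(rule.inbound("tcp", 61001))  # None: no outbound flow created this mapping
```

When auditing such a rule, check that the Service entry lists only what the local network needs and that the Source entry names only the private interfaces.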