From a654577ac2a35b2ffc998698ee3c19b94a4562ef Mon Sep 17 00:00:00 2001
From: Daniel Barlow
Date: Mon, 12 Feb 2024 21:05:01 +0000
Subject: [PATCH] improve port-forwarding comment
---
 examples/demo-firewall.nix | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/examples/demo-firewall.nix b/examples/demo-firewall.nix
index 923c306..88441e1 100644
--- a/examples/demo-firewall.nix
+++ b/examples/demo-firewall.nix
@@ -234,8 +234,10 @@ in {
 family = "ip";
 rules = [
 # This is where you put permitted incoming connections. If
- # you're using NAT, the rules in this chain will see the
- # internal (RFC1918) addresses.
+ # you're using NAT and want to forward a port from outside to
+ # devices on the LAN, then you need a DNAT rule in nat-rx chain
+ # *and* to accept the packet in this chain (specifying the
+ # internal (RFC1918) address).
 ];
 };
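Review bot: The new comment inside `rules = [` tells the reader to accept the forwarded packet by "specifying the internal (RFC1918) address", which, followed literally, gives an accept rule that matches on destination address alone and so admits traffic to every port on that LAN host. I would extend the last comment line to name the other match criteria, e.g. `# internal (RFC1918) address, protocol and destination port).`, so the accept rule is as narrow as the DNAT rule it pairs with. It would also help to say why the internal address is the one to match (presumably DNAT is applied before this chain sees the packet); the nat-rx chain is not visible in this hunk, so that ordering should be confirmed against its definition. The enclosing chain definition starts outside the hunk.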