37.3. Packet Routes Through the Firewall

37.3.1. Packet Routes on the LAN and Internet

The route of the packets can be summarized quite easily:

  • The rulesets used always depend on the source of the packets.

  • Rules that modify packets are always applied first. This includes NAT, port forwarding, static NAT and transparent proxy. All subsequent rules see only the already modified packets.

  • The connections of the Intra2net system itself cannot be restricted.
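
The ordering above, as an added example that is not Intra2net code: a simplified Python model in which the ruleset is chosen by packet source and port forwarding is applied before filtering. The addresses, rule names, first-match evaluation and default drop are assumptions made for illustration.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int

# Constructed sample configuration; all names and addresses are hypothetical.
PORT_FORWARDS = {("203.0.113.10", 8443): ("192.168.1.20", 443)}
SOURCES = [("lan", ip_network("192.168.1.0/24")),
           ("internet", ip_network("0.0.0.0/0"))]
RULESETS = {
    "internet": [
        # Written against the address before port forwarding: can never match.
        ("block-ext-8443", "203.0.113.10", 8443, "drop"),
        # Written against the rewritten address: this is what filtering sees.
        ("allow-web-internal", "192.168.1.20", 443, "accept"),
    ],
    "lan": [("allow-all", None, None, "accept")],
}

def ruleset_for(pkt):
    """The ruleset depends on the packet source (first matching network)."""
    addr = ip_address(pkt.src)
    return next(name for name, net in SOURCES if addr in net)

def rewrite(pkt):
    """Packet-modifying rules run first; here only port forwarding is modelled."""
    target = PORT_FORWARDS.get((pkt.dst, pkt.dport))
    return replace(pkt, dst=target[0], dport=target[1]) if target else pkt

def evaluate(pkt):
    """Return (packet as seen by the filter rules, matched rule name, action)."""
    ruleset = ruleset_for(pkt)      # chosen from the original source address
    seen = rewrite(pkt)             # filter rules only see the modified packet
    for name, dst, dport, action in RULESETS[ruleset]:
        if dst in (None, seen.dst) and dport in (None, seen.dport):
            return seen, name, action   # assumption: first match wins
    return seen, None, "drop"           # assumption: default is drop

if __name__ == "__main__":
    print(evaluate(Packet("198.51.100.7", "203.0.113.10", 8443)))
    print(evaluate(Packet("198.51.100.7", "203.0.113.10", 22)))
```

In this model the `block-ext-8443` rule is never reached by forwarded traffic, so a rule meant to cover a forwarded service has to be written against the internal address and port.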

37.3.2. Packet Routes for VPN Connections

With VPNs, the packets are checked by the firewall before encryption and after decryption.

Packets coming from the VPN are checked after decryption by the ruleset assigned to the VPN. Only this ruleset decides whether the packets are allowed through.