Iptables – Firewalls: What is the difference between Policy, NAT and Routes

Tags: firewall, fwbuilder, iptables

I'm learning fwbuilder and firewalls in general. I don't understand the differences between Policy, NAT and Routes. They all seem like they are just ways to tell the data where to go depending on what it is and where it's coming from.

What is the real difference? Is a properly configured firewall taking advantage of all three (Policy, NAT and Routes) or are they just three different ways to accomplish the same thing and you only need one of them?

Best Answer

Not familiar with fwbuilder, but they all have more specific meanings in networking, here is how I would define them off the top of my head for general networking:

NAT and PAT:
Changes the IP destination or source and/or the ports in TCP/UDP. The most common uses are so multiple people can share a public IP, or to map public IPs to private IPs for services.

Policy:
What to do with packets that meet certain requirements based on all sorts of properties at various network levels. For example, drop them, or send an ICMP message to the requester saying it is closed. Here the primary use is for security to protect your network.

IP Routes:
Decide which interface to send traffic out depending on the destination IP (or possibly more advanced things when you talk about policy based routing). The use here is that this is how the internet and most major computer networks work and the higher levels. Generally, NAT happens before routing, so the packet is altered by NAT and then routed according to the result.

General vs. Specific:
Your generalization of "ways to tell the data where to go depending on what it is and where it is coming from" is roughly what "networking" is. To take it to a higher level, to me it is almost like saying "Why are there all these computer words when all they do is move and manipulate data" :-) These terms are all specific aspects of networking which can be a full time vocation.
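The ordering the answer describes (destination NAT first, then the routing decision, then the filter policy, then source NAT on the way out) is easiest to see by walking a packet through the stages in code. The following simulation is an added example and is not part of the original answer, of fwbuilder, or of iptables itself; every address, interface and rule in it is constructed for illustration, and it models only the nat PREROUTING/POSTROUTING chains, a longest-prefix route lookup and the filter FORWARD/INPUT chains, which is enough to show why the three concepts are distinct and all needed.

```python
"""Toy model of how a Linux/iptables host applies NAT, routing and policy
to one packet.  Added example with constructed configuration; it is not
fwbuilder or kernel code, only the ordering that matters for the question:

  1. nat PREROUTING  (DNAT)        rewrite the destination BEFORE routing
  2. routing decision              pick the output interface (or local delivery)
  3. filter FORWARD / INPUT        policy: ACCEPT or DROP
  4. nat POSTROUTING (SNAT/MASQ)   rewrite the source AFTER routing
"""
import ipaddress
from dataclasses import dataclass, replace
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int
    in_if: str
    out_if: Optional[str] = None   # filled in by the routing decision


# --- constructed configuration (not a real network) ------------------------
PUBLIC_IP = "203.0.113.10"                 # firewall's own address on eth0
LOCAL_ADDRS = {PUBLIC_IP, "192.168.1.1"}   # addresses owned by the firewall

# Routing table: (prefix, interface).  Longest prefix wins, as with `ip route`.
ROUTES = [
    ("0.0.0.0/0", "eth0"),        # default route to the internet
    ("192.168.1.0/24", "eth1"),   # the LAN
]

# nat PREROUTING: (dst, proto, dport) -> (new dst, new dport), i.e. a port forward.
DNAT = {(PUBLIC_IP, "tcp", 80): ("192.168.1.20", 8080)}

# nat POSTROUTING: everything leaving eth0 is masqueraded as the public IP.
MASQUERADE_IF = "eth0"

# filter FORWARD: first match wins; a key missing from a rule is a wildcard.
FORWARD_RULES = [
    {"in_if": "eth0", "dst": "192.168.1.20", "proto": "tcp", "dport": 8080,
     "action": "ACCEPT"},                    # only the forwarded service
    {"in_if": "eth1", "action": "ACCEPT"},   # the LAN may reach anywhere
]
FORWARD_DEFAULT = "DROP"   # chain policy: anything unmatched is dropped
INPUT_DEFAULT = "DROP"     # nothing is allowed to the firewall itself here


def route_lookup(dst: str) -> str:
    """Return the output interface for dst, or 'local' for the firewall's own addresses."""
    if dst in LOCAL_ADDRS:
        return "local"
    addr = ipaddress.ip_address(dst)
    best_len, best_if = -1, None
    for prefix, iface in ROUTES:
        net = ipaddress.ip_network(prefix)
        if addr in net and net.prefixlen > best_len:
            best_len, best_if = net.prefixlen, iface
    if best_if is None:
        raise ValueError(f"no route to {dst}")
    return best_if


def nat_prerouting(pkt: Packet) -> Packet:
    """DNAT: rewrite the destination so routing and policy see the real target."""
    target = DNAT.get((pkt.dst, pkt.proto, pkt.dport))
    return pkt if target is None else replace(pkt, dst=target[0], dport=target[1])


def _matches(rule: dict, pkt: Packet) -> bool:
    return all(getattr(pkt, k) == v for k, v in rule.items() if k != "action")


def filter_forward(pkt: Packet) -> str:
    """Policy: first matching FORWARD rule decides, else the chain default."""
    for rule in FORWARD_RULES:
        if _matches(rule, pkt):
            return rule["action"]
    return FORWARD_DEFAULT


def nat_postrouting(pkt: Packet) -> Packet:
    """SNAT/masquerade: rewrite the source only once the output interface is known."""
    return replace(pkt, src=PUBLIC_IP) if pkt.out_if == MASQUERADE_IF else pkt


def process(pkt: Packet):
    """Run one packet through the stages; returns (verdict, packet as it would leave)."""
    pkt = nat_prerouting(pkt)           # 1. DNAT first ...
    out_if = route_lookup(pkt.dst)      # 2. ... so the route is chosen on the new dst
    if out_if == "local":
        return INPUT_DEFAULT, pkt       # 3a. INPUT policy guards the firewall itself
    pkt = replace(pkt, out_if=out_if)
    verdict = filter_forward(pkt)       # 3b. FORWARD policy decides ACCEPT/DROP
    if verdict != "ACCEPT":
        return verdict, pkt
    return verdict, nat_postrouting(pkt)   # 4. SNAT happens after routing


if __name__ == "__main__":
    samples = [
        Packet("198.51.100.7", PUBLIC_IP, "tcp", 80, "eth0"),   # web hit on the port forward
        Packet("192.168.1.5", "8.8.8.8", "tcp", 443, "eth1"),   # LAN host going out
        Packet("198.51.100.7", "192.168.1.30", "tcp", 22, "eth0"),  # unsolicited inbound
        Packet("198.51.100.7", PUBLIC_IP, "tcp", 22, "eth0"),   # aimed at the firewall
    ]
    for s in samples:
        print(process(s))
```

Reading the four sample packets: the port-forward case is rewritten by NAT, routed onto eth1 because routing now sees the private address, and then still has to pass a policy rule; the LAN host is accepted by policy and only then masqueraded; the unsolicited inbound packet is routed fine but has no matching policy rule and hits the DROP default; and a packet for the firewall's own address never reaches FORWARD at all. Each stage answers a different question, which is why a working firewall uses all three.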