Hi All,
There is currently an update to app-firewall in clearos-updates-testing which affects port forwarding if you have more than one LAN and we'd appreciate feedback. Currently, when you do a port forward, three firewall rules are created, a FORWARD rule and a DNAT rule which are both needed and an odd SNAT rule for traffic between LANs. This update removes the SNAT rule as I see no reason for it.

As a bit of background this is what the rule does. If you have LAN A at 10.10.10.1/24 and LAN B at 192.168.1.1/24, without a port forward, traffic from 10.10.10.10 will go directly to 192.168.1.100 and will appear to come from 10.10.10.10. If you have a port forward to 192.168.1.100, for some reason an SNAT rule is created so traffic from 10.10.10.10 to 192.168.1.100 will appear to 192.168.1.100 as if it has come from 10.10.10.1. This seems to be pointless and just clutters up the firewall with extra rules.

To install the update, please do:
yum update app-firewall --enablerepo=clearos-updates-testing


Please post any feedback to this thread.
Wednesday, May 19 2021, 11:21 AM
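
An added example, not part of the original post and not ClearOS code: a small check that reads an iptables-save style nat dump and lists any SNAT rule whose destination is also the target of a DNAT port forward, which is the rule the update is meant to remove. The post does not show the rules app-firewall writes, so the rule layout and the 203.0.113.5 external address below are constructed for illustration; the LAN addresses are the ones used in the post. IPv4 only.

```python
import ipaddress
import shlex

def _opts(rule):
    """Map each option in an iptables-save rule line to the token after it."""
    tokens = shlex.split(rule)
    return {t: tokens[i + 1] for i, t in enumerate(tokens[:-1]) if t.startswith("-")}

def leftover_snat_rules(ruleset):
    """Return (forward_target, snat_source, rule) for each SNAT rule whose
    destination covers the target of a DNAT port forward."""
    dnat_targets, snat_rules = set(), []
    for line in ruleset.splitlines():
        line = line.strip()
        if not line.startswith("-A "):
            continue  # skip table headers, chain policies and COMMIT
        o = _opts(line)
        if o.get("-j") == "DNAT" and "--to-destination" in o:
            host = o["--to-destination"].split(":")[0]  # drop optional :port
            dnat_targets.add(ipaddress.ip_address(host))
        elif o.get("-j") == "SNAT" and "-d" in o and "--to-source" in o:
            net = ipaddress.ip_network(o["-d"], strict=False)
            snat_rules.append((net, o["--to-source"], line))
    return [(str(t), src, rule)
            for net, src, rule in snat_rules
            for t in sorted(dnat_targets) if t in net]

# Constructed sample: a port forward to 192.168.1.100 plus the extra SNAT rule
# described in the post (assumed layout, not copied from a real ClearOS box).
BEFORE = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -d 203.0.113.5/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.100:80
-A POSTROUTING -s 10.10.10.0/24 -d 192.168.1.100/32 -p tcp -m tcp --dport 80 -j SNAT --to-source 10.10.10.1
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
"""
# The same ruleset with the SNAT rule gone, as expected after the update.
AFTER = "\n".join(l for l in BEFORE.splitlines() if "-j SNAT" not in l)

if __name__ == "__main__":
    for target, source, rule in leftover_snat_rules(BEFORE):
        print(f"{target} sees inter-LAN clients as {source}: {rule}")
    print("after update:", leftover_snat_rules(AFTER) or "no SNAT rule for forwards")
```

On a live system the input would be the output of `iptables-save -t nat`, captured before and after the update. With the SNAT rule gone, the forwarded host logs the real client address (10.10.10.10 in the post's example) instead of the gateway's.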