Kerio Tech Firewall6 User Manual

7.9 Media hairpinning

101

a packet is addressed to a client in the local network. Then it translates the destination IP

address and sends the packet back to the local network (as well as in case of port mapping).

This ensures that traffic between the two phones will work correctly.

Note:

1.

Hairpinning requires traffic between the local network and the Internet being allowed (be-

fore processed by the firewall, packets use a local source address and an Internet destina-

tion address — i.e. this is an outgoing traffic from the local network to the Internet). In

default traffic rules created by the wizard (see chapter

7.1

), this condition is met by the

NAT rule.

2.

In principle, hairpinning does not require that Full cone NAT is allowed (see chapter

7.8

).

However, in our example, Full cone NAT is required for correct functioning of the SIP

protocol.