Transparent firewall

A "transparent" firewall is an amalgam of a proxy firewall and a NAT firewall. An internal machine only has to know where to send packets to reach the outside, similar to a NAT firewall. However, the firewall may "transparently" invoke proxy-like mechanisms on certain traffic, for security purposes, rather than just blindly forwarding it through. The internal machines may or may not have a private IP address range.

Advantages:

* No special configuration on the client side, just like a NAT firewall.
* Allows for finer control and protection for well-known services

Disadvantages:

* Shares most of the disadvantages of a NAT firewall. If a particular application protocol is being used on a non-standard port, you will lose all "special" protections. Depending on your allow rules, it may not even happen at all.

就是透明模式啊~也就是防火牆只檢查封包..不對封包內容做改變...你往來那要往那去..照做..TTL也不減少