User`s guide
System Administrator’s Guide – Release 7.2.3.x
300 Main Street • East Rochester, NY 14445 • Toll Free 1-866-ALLWORX • 585-421-3850 • www.allworx.com
© 2010 Allworx Corp. All rights reserved. Allworx, a wholly owned subsidiary of PAETEC Holding. All other names may be trademarks or registered
trademarks of their respective owners.
Revised: September 1, 2010
Page 14
The WAN services (like FTP and HTTP) are still available via the LAN if the proper routes are configured on
your network.
5.3 Network Mode: NAT/Firewall
When the network mode is set to NAT/Firewall, the logical network capability is as shown in the diagram
below:
Allworx server
IP Based
Network Router
WAN Side
Server Network Services
LAN Side
Server Network Services
WAN
LAN
NAT Firewall
For security purposes, this mode’s default settings permit only outbound connections (from the LAN to the
WAN); all WAN-initiated connections are denied. In addition, all packets are subject to network address
translation (NAT). Because of this, the addresses of devices on the LAN are not visible on the WAN, yet they
have access to the WAN for outbound traffic. These features reduce the ability of WAN hosts to attack LAN
hosts.
WAN access to specific LAN network services can be allowed by exposing those specific LAN ports through
the firewall. This configuration is made in the Firewall section of the Network / Configuration / Modify page.