Default Acl Rules; Nat Overview - Asus iPBX30 User Manual


iPBX30 User Manual
request (i.e. a ping packet) to 192.168.2.1, 192.168.2.1 will send an
ICMP echo reply to 192.168.1.1. In the iPBX30, you don't need to
create another inbound ACL rule because the stateful packet inspection
engine remembers the connection state and allows the ICMP
echo reply to pass through the firewall.

9.1.4 Default ACL Rules

The iPBX30 supports two types of access rules:
• ACL Rules: for controlling all access to the computers on the
LAN and DMZ and for controlling access to external networks
for hosts on the LAN and DMZ.
• Self-Access Rules: for controlling access to the iPBX30 itself.

Default Access Rules
• All traffic from external hosts to the hosts on the LAN and DMZ is
denied.
• All traffic originating from the LAN is forwarded to the external
network using NAT.

WARNING: It is not necessary to remove the default
ACL rule from the ACL rule table! It is better to create
higher-priority ACL rules to override the default rule.
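
The behaviour described in this section (default rules at the lowest priority, higher-priority rules overriding them, and stateful inspection admitting replies) can be modelled as follows. This is an added example, not ASUS code; the rule fields, priorities, zone names and addresses are assumptions made for illustration.

```python
# Simplified model of priority-ordered ACL rules with stateful inspection.
# Rule fields, zone names, priorities and addresses are constructed for
# illustration; this is not the iPBX30's rule format or firmware logic.
from collections import namedtuple

Rule = namedtuple("Rule", "priority src_zone dst_zone proto dport action")
Packet = namedtuple("Packet", "src_zone dst_zone proto src dst sport dport")

# The two default behaviours from the manual, at the lowest priority
# (assumption: lower number = evaluated first).
DEFAULT_RULES = [
    Rule(1000, "lan", "wan", "any", None, "allow"),  # LAN -> external
    Rule(1001, "wan", "lan", "any", None, "deny"),   # external -> LAN
]

class Firewall:
    def __init__(self, extra_rules=()):
        self.rules = sorted([*extra_rules, *DEFAULT_RULES],
                            key=lambda r: r.priority)
        self.state = set()  # (proto, initiator, responder, service port)

    def _first_match(self, pkt):
        for r in self.rules:
            if ((r.src_zone, r.dst_zone) == (pkt.src_zone, pkt.dst_zone)
                    and r.proto in ("any", pkt.proto)
                    and r.dport in (None, pkt.dport)):
                return r.action
        return "deny"  # nothing matched: fail closed

    def handle(self, pkt):
        # A reply is the mirror image of a connection already tracked
        # (simplification: ICMP types and TCP flags are not modelled).
        if (pkt.proto, pkt.dst, pkt.src, pkt.sport) in self.state:
            return "allow"
        action = self._first_match(pkt)
        if action == "allow":
            self.state.add((pkt.proto, pkt.src, pkt.dst, pkt.dport))
        return action

LAN, EXT = "192.168.1.10", "203.0.113.5"  # constructed sample hosts
ping = Packet("lan", "wan", "icmp", LAN, EXT, None, None)
pong = Packet("wan", "lan", "icmp", EXT, LAN, None, None)
ssh_in = Packet("wan", "lan", "tcp", EXT, LAN, 40000, 22)
https_in = Packet("wan", "lan", "tcp", EXT, LAN, 40001, 443)
```

With only the defaults, `pong` is denied until `ping` has been seen; adding a priority-10 allow rule for inbound TCP 443 admits `https_in` while `ssh_in` still falls through to the default deny.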
9.2 NAT Overview

Network Address Translation (NAT) allows a single device, such
as the iPBX30, to act as an agent between the Internet (public
network) and a local (private) network. This means that a NAT
IP address can represent an entire group of computers to any
entity outside a network. NAT is a mechanism for conserving
registered IP addresses in large networks and simplifying IP
addressing management tasks. Because it translates IP addresses,
NAT also conceals true network addresses from prying eyes and
provides a certain degree of security to the local network.

The NAT modes supported are static NAT, dynamic NAT, NAPT,
reverse static NAT and reverse NAPT.