Scenarios where RFC1918 addresses should NOT be blocked on the WAN interface

In its default configuration, AZTCO-FW software is not configured to block RFC1918 addresses from being routed from the LAN subnet to the outside WAN, because there are two common scenarios where blocking this traffic is not desirable:

  • ISP assigns a RFC1918 address to end users – Some ISPs assign private network addresses to their customers and perform their own NAT for customer traffic to the public internet. Verify this by looking at the WAN interface IP address on the AZTCO-FW dashboard. If the assigned address is from one of the private IP ranges listed above, RFC1918 traffic should NOT be blocked.
  • AZTCO-FW is “chained” behind another device like a consumer firewall or wifi router (double NAT) – In this case, AZTCO-FW performs NAT for devices connected to the AZTCO-FW LAN, and the WAN interface forwards traffic to the upstream device, where it undergoes a second NAT before entering the public internet. This is verified using the same steps as above – if the WAN IP address is from the RFC1918 range, do NOT block this traffic from exiting the WAN

This is an example of an RFC1918 address assigned to the AZTCO-FW WAN:

Warning: If either of these scenarios apply to the AZTCO-FW installation, do NOT add additional RFC1918 traffic blocking to the WAN interface as this may block LAN users from accessing the WAN.
© Copyright 2025 . All Rights Reserved. AZTCO-FW| Developed By AZTCO-FW. Powered by AZTCO.