
Westermo RedFox Series User Manual

Westermo OS Management Guide

Version 4.17.0-0

Port Forwarding: With port forwarding (section 31.1.5) it is possible to map incoming data addressed to a given destination IP and (UDP/TCP) port to another destination IP/port when forwarding the packet. As shown in fig. 31.1, this mapping is conducted at the pre-routing stage of the packet processing. For every configured port forwarding rule, a filter rule is implicitly added to the forwarding filter to allow the packet to pass through the router. This is indicated by a dashed arrow in fig. 31.1.

NAT: Network address translation (section 31.1.4) involves "translation operations" both in the pre-routing stage ("1-TO-1 NAT") and in the post-routing stage ("1-TO-1 NAT" and "NAPT"), as shown in fig. 31.1.

For every configured NAT rule, an associated filter rule can be added to the forwarding filter to allow the packet to pass through the router. This is hinted by a dashed arrow in fig. 31.1.

Note

The user can choose whether or not an associated filter rule should be added for each NAT rule. If disabled, the user needs to configure their own filter rule(s) to let the data packets pass through the firewall. See sections 31.1.4.1 and 31.1.4.2.3 for more information.

Services: Filter rules are implicitly added to the input filter to allow packets for enabled services to enter the unit. This includes configurable services such as DHCP Server (chapter 22), Serial Over IP (chapter 39), VRRP (chapter 30), etc., where allow rules are added matching TCP/UDP port numbers, IP protocols, and/or incoming interfaces appropriate for the configured services. As the WeOS unit acts as a DNS forwarder, implicit allow rules to accept incoming DNS requests are also added.

Management interface: The WeOS management interface feature (section 19.2.7) utilises firewall functionality to control which network interfaces the unit can be managed through.
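
The following is an added example, not part of the Westermo manual and not WeOS code or CLI syntax: a small Python model that expands a configuration into the implicit allow rules described above, and flags 1-TO-1 NAT rules whose associated filter rule is disabled and for which no user-defined forwarding rule exists. The config layout, field names, sample addresses and the match fields of each modelled rule are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Allow:
    chain: str            # "input" (to the unit) or "forward" (through the router)
    proto: str            # "tcp", "udp", "any" or an IP protocol name
    dst: str              # destination IP, "any" for the unit itself
    dport: Optional[int]  # None = no port match
    origin: str           # feature that caused the rule

def implicit_allows(cfg):
    """Expand a (hypothetical) config dict into implicitly added allow rules."""
    out = []
    for pf in cfg["port_forwards"]:
        # Mapping is done pre-routing, so the forwarding filter is assumed to
        # see the translated destination IP/port.
        out.append(Allow("forward", pf["proto"], pf["to_ip"], pf["to_port"], "port-forward"))
    for nat in cfg["nat_1to1"]:
        if nat["auto_filter"]:   # the per-rule choice described in the Note
            out.append(Allow("forward", "any", nat["inside_ip"], None, "1-to-1 nat"))
    for svc in cfg["services"]:
        out.append(Allow("input", svc["proto"], "any", svc.get("port"), svc["name"]))
    # The unit is a DNS forwarder: DNS requests are always accepted (port 53;
    # covering both UDP and TCP is an assumption of this model).
    out += [Allow("input", p, "any", 53, "dns-forwarder") for p in ("udp", "tcp")]
    return out

def nat_without_filter(cfg):
    """1-to-1 NAT rules with the associated filter disabled and no user forward rule."""
    user_dsts = {r["dst"] for r in cfg["user_forward_rules"]}
    return [n["inside_ip"] for n in cfg["nat_1to1"]
            if not n["auto_filter"] and n["inside_ip"] not in user_dsts]

# Constructed sample configuration (documentation addresses, not from the manual).
SAMPLE = {
    "port_forwards": [{"proto": "tcp", "in_port": 8080, "to_ip": "192.0.2.10", "to_port": 80}],
    "nat_1to1": [
        {"outside_ip": "198.51.100.5", "inside_ip": "192.0.2.20", "auto_filter": True},
        {"outside_ip": "198.51.100.6", "inside_ip": "192.0.2.21", "auto_filter": False},
    ],
    "user_forward_rules": [],
    "services": [{"name": "dhcp-server", "proto": "udp", "port": 67},
                 {"name": "vrrp", "proto": "vrrp", "port": None}],
}

if __name__ == "__main__":
    for rule in implicit_allows(SAMPLE):
        print(rule)
    print("NAT rules needing a manual filter rule:", nat_without_filter(SAMPLE))
```

Reviewing the expanded list shows every path opened without an explicit filter rule, which is the part of the effective policy that a listing of user-defined rules alone does not reveal.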

Other filter rules:

Connection tracking (related/established): The WeOS firewall will allow all packets associated with established connections, as well as packets related to established connections. This means that a rule allowing traffic to pass through the firewall in one direction will implicitly allow traffic of established connections (and traffic of related connections) to also pass in the reverse direction. Application level gateway (ALG)

© 2015 Westermo Teleindustri AB
