Section 31.1.4, Sections 31.1.4.1 – Westermo RedFox Series User Manual
Page 697
Westermo OS Management Guide
Version 4.17.0-0
31.1.4
Network Address Translation
WeOS supports two kinds of NAT: NAPT (
31.1.4.1
NAPT style NAT
NAPT, or ”Network Address and Port Translation” enables hosts on a private net-
work to share an Internet connection with a single public IP address. NAPT is also
known as IP Masquerading or PAT (Port Address Translation) in the Cisco world.
Network
Internal/Private
Gateway
(public IP address)
Public Network (Internet)
Outbound Interface
Inbound Interface
NAPT
Figure 31.5: NAPT gateway providing access to the Internet. All hosts in the
private network share a single public IP address.
When configuring a NAPT rule, you need to specify the outbound interface
. The
appropriate rule will then be added to the post-routing step (see
) han-
dling the address translation. A rule is also needed in the forward filtering chain
to enable the forwarding (routing) of traffic, and that can be added automati-
cally by using the ”addfilter” option as shown in the example below (here we
assume that the interface ”Outbound/Public” side is named ”vlan2”.
Example
example:/config/ip/firewall/#> nat type napt out vlan2 addfilter
5
Appropriate interface IP settings must be configured, and IP routing must also be enabled, see
➞ 2015 Westermo Teleindustri AB
697