Section 31.3.6 – Westermo RedFox Series User Manual

Westermo OS Management Guide

Version 4.17.0-0

NAT rule. Rules are created for both the forward and reverse direc-
tion (see

section 31.1.4.2

). Do not set this option if you want to

manage forwarding rules yourself.

– ”noarp”. Specify to disable ARP proxying for this rule. (see

sec-

tion 31.1.4.2

for details).

– ”passive”. Specify that this rule is created as inactive. It will be

shown in config but not used. To enable use ”passive” command,
see

section 31.3.11

.

– ”log”. Enables logging for traffic that matches this NAT rule. Noth-

ing will however be logged if logging is enabled here but disabled
under the common settings. See

section 31.3.12

.

❼ Delete a NAT rule

Use the command ”no nat ” to delete a specific NAT rule on
the position POS as shown with the command ”show” or ”show nat”.
Delete all NAT rules with ”no nat”.

Use ”show nat” to show configured NAT rules.

Default values Addresses without subnet lengths will be considered to be of

length /32 i.e. as a single IP address.

31.3.6

Configure Port Forwarding Rule

Syntax [no] port-forward in : [src ]

dst [:PORTRANGE] [proto ] [passive] [log]

Context

Firewall Configuration

context

Usage Add/delete a Port Forwarding rule. This is commonly used when the

switch is acting as NAT gateway, see

section 31.3.5

. E.g., ”port-forward

in vlan1:80 dst 10.0.0.2 proto tcp” to forward all web traffic coming
in on interface vlan1 to the Web server at IP address 10.0.0.2 (port 80).

❼ The argument ”:” specifies incoming interface,

and what port or port range to match.

❼ Use the ”[src ]” to match a single source IP ad-

dress or whole subnet.

❼ Use the ”dst [:PORTRANGE]” to specify where the pack-

ets should be forwarded. If the ”PORTRANGE” parameter is omitted, the

740

➞ 2015 Westermo Teleindustri AB