Westermo RedFox Series User Manual
Page 234
Westermo OS Management Guide
Version 4.17.0-0
Adapting Firewall and NAT rules when using PPPoE
When PPPoE is used for WAN IP address assignment (see above), the
firewall and NAT rules must be adapted accordingly, i.e., ”vlan1006”
should be replaced by ”pppoe0” as shown in the example below.
Example
ip
forwarding
firewall
policy input DROP
policy forward DROP
filter allow in vlan1 proto icmp
filter deny in pppoe0 dport 53 proto udp
filter deny in pppoe0 dport 53 proto tcp
nat type napt out pppoe0 addfilter
enable
end
❼ Other Configurations: The items above cover the most important config-
uration settings when connecting a Falcon to your ISP. Notes on a few more
settings are given below:
– RSTP: Westermo switches running WeOS typically have RSTP enabled on
all Ethernet and DSL ports. However, the xDSL port on Falcon have RSTP
disabled by default. For more information on RSTP, see
– VPN: Its possible to use the Falcon as a VPN gateway. For more informa-
tion on configuring VPNs in WeOS, see
– DHCP Server: For information on how to make your Falcon act as DHCP
server on your local network (vlan1), see
11.1.4.2
Using Falcon as a Switch (Bridge)
As shown in
, it is possible to use the Falcon as a xDSL/Ethernet bridge.
That is, the xDSL port does not have to be used as a dedicated router port;
instead the Falcon could switch packets between Ethernet and xDSL ports, given
that they are mapped to the same VLAN (see
Although it is possible to make the Falcon work as a regular WeOS switch, there
are some differences:
❼ Falcon is a router by default: All WeOS devices can be configured to act as
router or switch. The difference is that Falcon is configured as router in its
234
➞ 2015 Westermo Teleindustri AB