HP-UX IPFilter V17.05 Administrator Guide HP-UX 11i v2 and HP-UX 11i v3
target_ip is the target IP address. IPFilter translates the destination IP address to the target IP
address.
6.4.1 Redirecting packets to a specific port
You can also use the rdr keyword with port and protocol specifications to redirect inbound packets
from one port to another:
rdr interface_name destination_ip port destination_port -> target_ip port target_port [protocol]
where:
interface_name is the name of the network interface used to transmit the packets. For example,
lan1.
destination_ip is the destination IP address. This can be a subnet address or 0.0.0.0/0 to
match any address.
destination_port is the destination port number.
target_ip is the target IP address. IPFilter translates the destination IP address to the target IP
address.
target_port is the target port number. IPFilter translates the destination port number to the target
port number.
protocol is the upper-layer protocol. Valid values are:
tcp
udp
tcp/udp
The default protocol is tcp.
For example, you can redirect traffic destined for port 80 (the IANA-assigned port number for
HTTP) to a port used by an alternate or more secure HTTP server, such as port 8080. Configure
the following rule:
rdr lan0 20.20.20.5/32 port 80 -> 192.168.0.5 port 8080
You can redirect UDP and ICMP packets as well as TCP packets. To redirect UDP packets, add
udp to the rule you configure. For example:
rdr lan0 20.20.20.0/24 port 31337 -> 127.0.0.1 port 31337 udp
6.4.2 Using NAT redirection with filtering
You can use NAT redirection and IPFilter filtering together to provide secure, redirected connections.
For example, configure the following NAT rule:
rdr lan0 20.20.20.5/32 port 80 -> 192.168.0.5 port 8080
Then configure the following rule in your filter rules file:
pass in on lan0 proto tcp from 172.16.8.2 to 192.168.0.5/32 port = 8080 flags S keep state
When a packet comes in, IPFilter first evaluates the NAT rules. IPFilter rewrites the destination
address and port number based on the NAT rule. IPFilter then evaluates the filter rules. With the
rewritten destination address and port number, the packet matches the pass in rule.
6.4.3 Using the rdr and round-robin keywords for load balancing
You can use the rdr keyword with the round-robin keyword to implement load-balancing
systems and redirect traffic to multiple addresses. Separate the target addresses with a comma.
For example:
rdr lan0 20.20.20.5/32 port 80 -> 192.168.0.5,192.168.0.6 port 8000 round-robin
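The NAT-then-filter ordering described in 6.4.2 applies equally to every round-robin target in 6.4.3. The following Python check is an added example, not part of this guide or of IPFilter: it parses only the rule forms shown on this page and reports rdr targets that no pass in rule covers, and pass in rules written for the pre-translation destination. The function names and the sample filter rules are constructed for illustration.

```python
import ipaddress
import re

# Parses only the rule forms shown on this page, not the full IPFilter grammar.
RDR = re.compile(r"rdr\s+(?P<ifc>\S+)\s+(?P<dst>\S+)\s+port\s+(?P<dport>\d+)\s+->\s+"
                 r"(?P<targets>\S+)\s+port\s+(?P<tport>\d+)"
                 r"(?:\s+(?P<proto>tcp/udp|tcp|udp))?(?:\s+round-robin)?\s*$")
PASS = re.compile(r"pass\s+in\s+on\s+(?P<ifc>\S+)\s+proto\s+(?P<proto>\S+)\s+from\s+\S+\s+"
                  r"to\s+(?P<dst>\S+)\s+port\s*=\s*(?P<port>\d+)")

def parse_rdr(line):
    m = RDR.match(line.strip())
    if not m:
        raise ValueError(f"unsupported rdr rule: {line!r}")
    return {"ifc": m["ifc"], "dport": int(m["dport"]), "tport": int(m["tport"]),
            "dst": ipaddress.ip_network(m["dst"], strict=False),
            "targets": [ipaddress.ip_address(t) for t in m["targets"].split(",")],
            "protos": set((m["proto"] or "tcp").split("/"))}  # default is tcp

def parse_pass(line):
    m = PASS.match(line.strip())
    return m and {"ifc": m["ifc"], "port": int(m["port"]),
                  "dst": ipaddress.ip_network(m["dst"], strict=False),
                  "protos": set(m["proto"].split("/"))}

def audit(nat_lines, filter_lines):
    """Findings for rdr rules whose filter rules ignore the NAT-then-filter order."""
    passes = [p for p in map(parse_pass, filter_lines) if p]
    findings = []
    for r in map(parse_rdr, nat_lines):
        rules = [p for p in passes if p["ifc"] == r["ifc"]]
        # Filtering sees the rewritten address and port, so those must be passed.
        post = [p for p in rules if p["port"] == r["tport"]]
        for t in r["targets"]:
            for proto in sorted(r["protos"]):
                if not any(t in p["dst"] and proto in p["protos"] for p in post):
                    findings.append(("no-pass-rule", str(t), r["tport"], proto))
        # A rule written for the original destination never sees redirected packets.
        for p in rules:
            stale = (p["port"] == r["dport"] and p["dst"].overlaps(r["dst"])
                     and p["protos"] & r["protos"])
            if stale and not (p in post and any(t in p["dst"] for t in r["targets"])):
                findings.append(("pre-nat-destination", str(p["dst"]), p["port"]))
    return findings

# Constructed sample: the round-robin rule above plus two hypothetical filter rules.
NAT = ["rdr lan0 20.20.20.5/32 port 80 -> 192.168.0.5,192.168.0.6 port 8000 round-robin"]
FILTER = ["pass in on lan0 proto tcp from 172.16.8.2 to 192.168.0.5/32 port = 8000 keep state",
          "pass in on lan0 proto tcp from 172.16.8.2 to 20.20.20.5/32 port = 80 keep state"]
```

Calling audit(NAT, FILTER) on the sample reports that 192.168.0.6 has no pass in rule and that the rule for 20.20.20.5/32 port 80 targets the pre-translation destination.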