HP-UX IPFilter V17.05 Administrator Guide

ManualsBrandsHP ManualsSoftwareHP-UX IPFilter Software

5.5 return-rst: Returning RESET Packets..............................................................................................52

5.6 cumulative: Limiting Cumulative Connections..............................................................................52

5.7 log limit: Logging Exceeded Connections.......................................................................................52

5.7.1 Summary Logs and Cumulative Limits..................................................................................53

5.8 log limit freq: Log Frequency .........................................................................................................53

5.9 Loading and Modifying DCA Rules...............................................................................................55

5.9.1 Updating keep limit Rules......................................................................................................55

5.9.1.1 Changing the Current Individual, Subnet, or IP Address Range Rule...........................55

5.9.1.2 Updating a Subnet or IP Address Range Rule................................................................56

5.9.2 Adding New keep limit Rules.................................................................................................56

5.9.2.1 To Add a New Individual keep limit Rule:.....................................................................56

5.9.2.2 To Add a New Subnet or IP Address Range Rule:.........................................................56

5.9.3 Integrating keep limit Rules....................................................................................................56

5.9.4 Extracting an Individual Rule from a Subnet Rule.................................................................57

5.10 Enabling and Disabling DCA........................................................................................................58

5.10.1 Enabling and Disabling DCA Using ipf................................................................................58

5.10.2 Configuring IPFilter to Enable DCA at System Startup Time..............................................58

5.11 Using IPFilter Utilities with DCA..................................................................................................58

5.11.1 keep limit Rules and Rule Hits..............................................................................................59

5.11.1.1 Limits and Hit Counts...................................................................................................59

5.12 Monitoring and Allocating Memory for DCA Data......................................................................60

6 Configuring and Loading Network Address Translation (NAT) Rules....................61

6.1 NAT Rules Configuration File.........................................................................................................61

6.1.1 Format.....................................................................................................................................61

6.1.2 Rule Order and Processing......................................................................................................61

6.1.2.1 Using NAT Rules with Filter Rules.................................................................................61

6.1.2.1.1 Inbound Packets......................................................................................................61

6.1.2.1.2 Outbound Packets...................................................................................................62

6.2 NAT Keywords................................................................................................................................63

6.2.1 Rule Examples.........................................................................................................................63

6.3 map and portmap: Mapping Outbound Packets............................................................................64

6.3.1 Examples.................................................................................................................................64

6.3.2 portmap Keyword...................................................................................................................64

6.3.3 map-block: Mapping to a Block of Addresses........................................................................65

6.4 rdr: Redirecting Inbound Packets....................................................................................................66

6.4.1 Redirecting Packets to a Specific Port.....................................................................................66

6.4.2 Using NAT Redirection with Filtering....................................................................................66

6.4.3 Using the rdr and round-robin Keywords for Load Balancing..............................................67

6.4.4 Sticky NAT Sessions................................................................................................................67

6.4.5 Checking Connection Health with l4check..........................................................................67

6.4.5.1 Syntax..............................................................................................................................67

6.4.5.2 Options............................................................................................................................67

6.4.5.3 Sample config File...........................................................................................................68

6.5 bimap: Bidirectional Mapping........................................................................................................69

6.6 Loading NAT Rules.........................................................................................................................70

7 Address Pooling...........................................................................................................71

7.1 The ippool Utility............................................................................................................................71

7.2 The ippool.conf File.........................................................................................................................71

7.3 Configuring Address Pool...............................................................................................................71

7.3.1 Syntax......................................................................................................................................71

7.3.2 Examples.................................................................................................................................72

Table of Contents 5