HP-UX IPFilter V18.0 Administrator Guide for HP-UX 11i v3
map lan0 192.168.1.0/24 -> 20.20.20.1/32
The following NAT rule replaces IP source addresses from the 192.168.1.0/24 subnet with the
current IP address for the lan0 interface, then transmits them using lan0:
map lan0 192.168.1.0/24 -> 0/32
6.3.2 portmap keyword
You can use the portmap keyword to direct IPFilter to translate source port numbers as well as
addresses. When used with the map keyword, IPFilter rewrites the source port number to a specific
port number or to a port taken from a range of port numbers. Several clients behind the same
translated address can use the same source port number; portmap keeps each translated source IP
address and source port number pair unique, so that replies can be matched back to the right
client. It is also useful if there is another firewall or filtering node the packet must pass
through, because the translated ports then fall in a known range.
To use the portmap keyword with map rules, add the following options after the target_ip
address:
portmap [protocol] port_range|auto
where:
protocol is the upper-layer protocol. Valid values are:
tcp
udp
tcp/udp
The default is tcp.
port_range is the range of port numbers, written low:high, from which the mapped ports are taken.
auto directs IPFilter to automatically find an unused port to use as the mapped port.
In the following example, the source port numbers for the translated TCP and UDP packets are
translated to port numbers in the range 20000 - 30000.
map lan0 192.168.1.0/24 -> 0/32 portmap tcp/udp 20000:30000
6.3.3 Mapping to a block of addresses: map-block
IPFilter NAT can map an IP address to a specific block of IP addresses in two ways.
You can use the map-block keyword to statically map sessions from a host to a selected block
of IP addresses. Configure the following rule:
map-block lan0 192.168.1.0/24 -> 20.20.20.0/24
Any outgoing packet with an IP address beginning with 192.168.1 is mapped to an IP address
beginning with 20.20.20.
Alternately, you can configure IPFilter NAT to translate to a block of IP addresses using only the
map and portmap keywords. Configure the following rule:
map lan0 192.168.0.0/16 -> 20.20.20.0/24 portmap tcp/udp 20000:60000
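The following is an added illustration for sections 6.3.2 and 6.3.3; it is not IPFilter code and does not reproduce HP-UX IPFilter's internal algorithm. It models only the outbound source rewrite that map, portmap and map-block perform and the reverse lookup needed to deliver replies, using constructed packets, so that the collision portmap prevents can be seen: two clients that reuse the same source port behind one translated address cannot both be mapped without portmap, and a /16 mapped into a /24 needs portmap because several sources share each target address. Assumed simplifications (all labelled in the code): the first matching rule wins, an address inside a block target is picked from the source host's offset within its subnet wrapped to the block size, auto takes the first free port above 1023, and state is keyed on (protocol, source address, source port).

```python
"""Model of the map / portmap / map-block source rewrite described above.

Added illustration, not IPFilter code. Assumed simplifications: first matching
rule wins; an address in a block target is chosen by the source host's offset
within its subnet, wrapped to the block size; 'auto' takes the first free port
above 1023; state is keyed on (proto, src, sport) and only replies are mapped back.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class MapRule:
    src_net: str               # e.g. "192.168.1.0/24"
    target: str                # "20.20.20.1/32", "20.20.20.0/24" or "0/32"
    portmap: tuple = ()        # (), ("auto",) or (low, high)
    protos: tuple = ("tcp",)   # protocols portmap applies to; tcp is the default


class Collision(Exception): pass      # same translated (proto, addr, port) needed twice
class PortExhausted(Exception): pass  # portmap range used up on that address


class Nat:
    def __init__(self, rules, iface_addr):
        self.rules = rules
        self.iface_addr = str(ipaddress.ip_address(iface_addr))  # what 0/32 means
        self.sessions = {}   # (proto, src, sport) -> (new_src, new_sport)
        self.reverse = {}    # (proto, new_src, new_sport) -> (src, sport)

    def _pick_addr(self, rule, src):
        if rule.target == "0/32":
            return self.iface_addr
        tgt = ipaddress.ip_network(rule.target, strict=False)
        net = ipaddress.ip_network(rule.src_net, strict=False)
        # Assumption: keep the host offset inside the target block, so a
        # /24 -> /24 map-block turns 192.168.1.10 into 20.20.20.10.
        offset = int(src) - int(net.network_address)
        return str(tgt.network_address + offset % tgt.num_addresses)

    def _pick_port(self, rule, proto, addr, sport):
        if not rule.portmap or proto not in rule.protos:
            # Source port kept: two clients sharing a port behind one address
            # would need the same translated pair, which cannot be demultiplexed.
            if (proto, addr, sport) in self.reverse:
                raise Collision(f"{addr}:{sport}/{proto} already in use")
            return sport
        lo, hi = (1024, 65535) if rule.portmap == ("auto",) else rule.portmap
        for port in range(lo, hi + 1):
            if (proto, addr, port) not in self.reverse:
                return port
        raise PortExhausted(f"no free {proto} port in {lo}:{hi} on {addr}")

    def outbound(self, pkt):
        """Rewrite the source of an outgoing packet; unchanged if no rule matches."""
        key = (pkt.proto, pkt.src, pkt.sport)
        if key not in self.sessions:
            src = ipaddress.ip_address(pkt.src)
            rule = next((r for r in self.rules
                         if src in ipaddress.ip_network(r.src_net, strict=False)), None)
            if rule is None:
                return pkt
            addr = self._pick_addr(rule, src)
            port = self._pick_port(rule, pkt.proto, addr, pkt.sport)
            self.sessions[key] = (addr, port)
            self.reverse[(pkt.proto, addr, port)] = (pkt.src, pkt.sport)
        new_src, new_sport = self.sessions[key]
        return Packet(pkt.proto, new_src, new_sport, pkt.dst, pkt.dport)

    def inbound_reply(self, pkt):
        """Map a reply back to the client, or None if no session exists."""
        orig = self.reverse.get((pkt.proto, pkt.dst, pkt.dport))
        if orig is None:
            return None
        return Packet(pkt.proto, pkt.src, pkt.sport, orig[0], orig[1])


def demo():
    """Constructed traffic: two clients reuse source port 40000 to one server."""
    pkts = [Packet("tcp", "192.168.1.10", 40000, "203.0.113.5", 80),
            Packet("tcp", "192.168.1.11", 40000, "203.0.113.5", 80)]
    # map lan0 192.168.1.0/24 -> 20.20.20.1/32 with no portmap: second client collides.
    plain = Nat([MapRule("192.168.1.0/24", "20.20.20.1/32")], "20.20.20.1")
    plain.outbound(pkts[0])
    try:
        plain.outbound(pkts[1])
        collided = False
    except Collision:
        collided = True
    # map lan0 192.168.1.0/24 -> 0/32 portmap tcp/udp 20000:30000: unique pairs.
    pm = Nat([MapRule("192.168.1.0/24", "0/32", (20000, 30000), ("tcp", "udp"))],
             "20.20.20.1")
    out = [pm.outbound(p) for p in pkts]
    reply = Packet("tcp", "203.0.113.5", 80, out[1].src, out[1].sport)
    return collided, out, pm.inbound_reply(reply)
```

Running demo() shows the second client raising Collision under the plain map rule, the two clients receiving 20.20.20.1:20000 and 20.20.20.1:20001 under the portmap rule, and the reply to port 20001 being delivered back to 192.168.1.11:40000. A map-block rule such as map-block lan0 192.168.1.0/24 -> 20.20.20.0/24 is modelled with an empty portmap, so 192.168.1.10 becomes 20.20.20.10 with its port unchanged; the /16 -> /24 rule above maps 192.168.5.10 and 192.168.6.10 onto the same target address and relies on the port range to tell them apart.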
6.4 Redirecting inbound packets: rdr
The rdr keyword redirects inbound packets and rewrites the destination address. To redirect
inbound packets, use the following syntax:
rdr interface_name destination_ip -> target_ip
where:
interface_name is the name of the network interface used to receive the packets. For example,
lan1.
destination_ip is the destination IP address to match. This can be a single address, a subnet
address, or 0.0.0.0/0 to match any address.
44 Configuring and loading NAT rules