HP-UX IPFilter v18.21 Administrator Guide HP-UX 11i v3 (761995-001, March 2014)
Enabling and disabling DCA using ipf
Configuring IPFilter to enable DCA at system startup
Using IPFilter utilities with DCA
keep limit rules and rule hits
Limits and hit counts
Monitoring and allocating memory for DCA data
6 Configuring and loading NAT rules
NAT rules configuration file
Format
Rule order and processing
Using NAT rules with filter rules
Inbound packets
Outbound packets
NAT keywords
Rule examples
Mapping outbound packets: map and portmap
Examples
portmap keyword
Mapping to a block of addresses: map-block
Redirecting inbound packets: rdr
Redirecting packets to a specific port
Using NAT redirection with filtering
Using the rdr and round-robin keywords for load balancing
Sticky NAT sessions
Verifying connection health with l4check
Known issues and limitations
Syntax
Options
Sample l4check.config_template file
Bidirectional mapping: bimap
Loading NAT rules
LARGE NAT support in IPFilter (HP-UX 11iV3 only)
Enabling or disabling LARGE NAT
Tuning the HASH table sizes
Enhancements to ipnat command
General tuning recommendations
7 Address pooling
The ippool utility
The ippool.conf file
Configuring address pool
Syntax
Examples
8 Tips for securing your system
Blocking services by port number and protocol
Example: firewall on a web server
Example: firewall for multiple services
Creating a complete filter by interface
Combining IP address and network interface filtering
Using bidirectional filtering
Using HP-UX IPFilter with end system security features
9 Troubleshooting HP-UX IPFilter
Viewing IPFilter statistics and active rules with ipfstat
Syntax