HP-UX IPFilter v18.21 Administrator Guide HP-UX 11i v3 (761995-001, March 2014)

#
# List the different "remote server" i.e. the "IP Address,port" combination.
# This list will be used for testing the connections if successful within
# timeout, probe with request if provided and check for response if provided.
#
# Below is a sample list.
remote server 192.168.1.2,23
remote server 192.168.1.2,2101
remote server 192.168.1.3,25
remote server 192.168.1.254,8000
remote server 192.168.1.1,9
Bidirectional mapping: bimap
The bimap keyword creates two map entries for the rule: one for inbound and one for outbound.
Unlike the map keyword, an initial inbound packet is not required to create the outbound rule.
The bimap keyword allows IPFilter to map IP addresses bidirectionally. You can use this when you
want the IP address of a particular device on the NAT-supported system to appear to have a
different IP address outside the system. For example:
bimap lan0 192.168.1.1/32 -> 20.20.20.1/32
In this example, the interface with IP address 192.168.1.1 on the NAT-supported system appears
to have the IP address 20.20.20.1 outside the system.
Loading NAT rules
To load IPFilter NAT rules:
1. Add NAT rules to the /etc/opt/ipf/ipnat.conf file, or to another NAT rules file you
select. For information and instructions, see Section (page 75).
2. To manually load the NAT rules:
ipnat -CF -f /etc/opt/ipf/ipnat.conf
This command flushes any current mappings and NAT rules, and reads NAT rules from the
specified rules file.
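Because a bimap rule installs both the inbound and the outbound mapping, each bimap line names an internal address that is reachable under an external one, so it is worth listing those lines before a rules file is loaded. The following script is an added example, not part of the HP guide: the helper name audit_bimap, its output format, and every sample rule other than the guide's own bimap line are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the guide): list the bimap rules in an ipnat rules file.

# Constructed sample rules. Only the first bimap line appears in the guide;
# the other lines are made up for illustration.
sample_rules() {
cat <<'EOF'
# constructed sample ipnat.conf
map lan0 192.168.1.0/24 -> 20.20.20.2/32
bimap lan0 192.168.1.1/32 -> 20.20.20.1/32
   bimap lan1 10.0.0.5/32 -> 20.20.20.9/32
bimap lan0 192.168.1.7/32 20.20.20.7/32
EOF
}

# audit_bimap [FILE...]   (hypothetical helper; reads stdin when no file is given)
# Prints "BIMAP <line> <interface> <internal> <external>" for each rule of the
# form "bimap <interface> <internal> -> <external>", and
# "MALFORMED <line> <text>" for any other line that starts with bimap.
# Returns 1 if a malformed bimap line was seen, 0 otherwise.
audit_bimap() {
    awk '
        { sub(/#.*/, "") }               # strip comments
        $1 != "bimap" { next }           # ignore map rules and blank lines
        NF >= 5 && $4 == "->" {
            printf "BIMAP %d %s %s %s\n", FNR, $2, $3, $5
            next
        }
        { printf "MALFORMED %d %s\n", FNR, $0; bad = 1 }
        END { exit bad + 0 }
    ' "$@"
}

# With a file argument audit that file, otherwise audit the constructed sample.
if [ $# -gt 0 ]; then
    audit_bimap "$@"
else
    sample_rules | audit_bimap || true
fi
```

Running it against the rules file before ipnat -CF -f matters because that command flushes the current mappings before reading the new rules.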
LARGE NAT support in IPFilter (HP-UX 11i v3 only)
The LARGE NAT feature is available in HP-UX IPFilter V18.21 and later. Enabling LARGE NAT allows
fine tuning of the IPFilter NAT hash table sizes. Tuning the hash table sizes may reduce the number
of hash collisions, resulting in faster searches in the hash tables and increased throughput. The
size of all hash tables is 127 by default. These sizes can be tuned using the kctune parameters
described in the subsequent sections.
Enabling or disabling LARGE NAT
HP-UX IPFilter adds a new tunable, ipnat_largenat_enable.
To enable LARGE NAT, run the following command:
$ kctune ipnat_largenat_enable=1
The default value is 0 (disabled).