HP-UX IPFilter Version 17 Administrator's Guide

6.1.2.1.1 Inbound Packets
6.1.2.1.2 Outbound Packets
6.2 NAT Keywords
6.2.1 Rule Examples
6.3 map and portmap: Mapping Outbound Packets
6.3.1 Examples
6.3.2 portmap Keyword
6.3.3 map-block: Mapping to a Block of Addresses
6.4 rdr: Redirecting Inbound Packets
6.4.1 Redirecting Packets to a Specific Port
6.4.2 Using NAT Redirection with Filtering
6.4.3 Using the rdr and round-robin Keywords for Load Balancing
6.4.4 Sticky NAT Sessions
6.4.5 Checking Connection Health with l4check
6.4.5.1 Syntax
6.4.5.2 Options
6.4.5.3 Sample config File
6.5 bimap: Bidirectional Mapping
6.6 Loading NAT Rules
7 Address Pooling
7.1 The ippool Utility
7.2 The ippool.conf File
7.3 Configuring Address Pool
7.3.1 Syntax
7.3.2 Examples
8 Tips for Securing Your System
8.1 Blocking Services by Port Number and Protocol
8.1.1 Example: Firewall on a Web Server
8.1.2 Example: Firewall for Multiple Services
8.2 Creating a Complete Filter by Interface
8.3 Combining IP Address and Network Interface Filtering
8.4 Using Bidirectional Filtering
8.5 Using HP-UX IPFilter with End System Security Features
9 Troubleshooting HP-UX IPFilter
9.1 Viewing IPFilter Statistics and Active Rules with ipfstat
9.1.1 Syntax
9.1.2 Options
9.1.3 Examples
9.2 Testing Rules with ipftest
9.2.1 Syntax
9.2.2 Options
9.2.3 Example
9.3 Logging IPFilter Packets
9.3.1 Using the log keyword to Configure IPFilter Logging
9.3.1.1 level log-level
9.3.1.2 first
9.3.1.3 body
9.3.2 Using ipmon to View IPFilter Log Entries
9.3.2.1 Syntax