HP-UX IPFilter Version 17 Administrator's Guide

6.4 rdr: Redirecting Inbound Packets
The rdr keyword redirects inbound packets and rewrites the destination address. To redirect
inbound packets, use the following syntax:
rdr interface_name destination_ip -> target_ip
where:
interface_name is the name of the network interface used to receive the packets. For example,
lan1.
destination_ip is the destination IP address. This can be a subnet address or 0.0.0.0/0 to
match any address.
target_ip is the target IP address. IPFilter translates the destination IP address to the target
IP address.
6.4.1 Redirecting Packets to a Specific Port
You can also use the rdr keyword with port and protocol specifications to redirect inbound
packets from one port to another:
rdr interface_name destination_ip port destination_port -> target_ip port target_port [protocol]
where:
interface_name is the name of the network interface used to transmit the packets. For example,
lan1.
destination_ip is the destination IP address. This can be a subnet address or 0.0.0.0/0 to
match any address.
destination_port is the destination port number.
target_ip is the target IP address. IPFilter translates the destination IP address to the target
IP address.
target_port is the target port number. IPFilter translates the destination port number to the
target port number.
protocol is the upper-layer protocol. Valid values are:
tcp
udp
tcp/udp
The default protocol is tcp.
For example, you can redirect traffic destined for port 80 (the IANA-assigned port number for
HTTP) to a port used by an alternate or more secure HTTP server, such as port 8080. Configure
the following rule:
rdr lan0 20.20.20.5/32 port 80 -> 192.168.0.5 port 8080
You can redirect UDP and ICMP packets as well as TCP packets. To redirect UDP packets, add
udp to the rule you configure. For example:
rdr lan0 20.20.20.0/24 port 31337 -> 127.0.0.1 port 31337 udp
6.4.2 Using NAT Redirection with Filtering
You can use NAT redirection and IPFilter filtering together to provide secure, redirected
connections. For example, configure the following NAT rule:
rdr lan0 20.20.20.5/32 port 80 -> 192.168.0.5 port 8080
Then configure the following rule in your filter rules file:
pass in on lan0 proto tcp from 172.16.8.2 to 192.168.0.5/32 port = 8080 flags S keep state
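IPFilter applies NAT to inbound packets before it evaluates the filter rules, which is why the pass rule above names the translated address and port (192.168.0.5, port 8080) rather than the original destination. The following check is an added example, not part of the original guide or of IPFilter: it reads rdr rules and pass in rules of the forms shown in this section and reports redirects with no pass rule for the translated target, and pass rules written against the pre-translation address. The function names (parse_rdr, parse_pass, audit) and finding codes are hypothetical, and addresses are assumed to be numeric.

```python
import ipaddress
import re

# Only the rdr-with-port and "pass in" forms shown in this section are parsed.
RDR = re.compile(r"rdr\s+(\S+)\s+(\S+)\s+port\s+(\d+)\s+->\s+(\S+)\s+port\s+(\d+)"
                 r"(?:\s+(tcp/udp|tcp|udp))?\s*$")
PASS = re.compile(r"pass\s+in\s+(?:quick\s+)?on\s+(\S+)\s+proto\s+(\S+)\s+from\s+\S+"
                  r"\s+to\s+(\S+)\s+port\s*=\s*(\d+)")

def net(text):
    # "any" and bare host addresses are normalised to networks for comparison.
    return ipaddress.ip_network("0.0.0.0/0" if text == "any" else text, strict=False)

def parse_rdr(line):
    m = RDR.match(line.strip())
    if not m:
        return None
    ifname, dst, dport, target, tport, proto = m.groups()
    return {"if": ifname, "dst": net(dst), "dport": int(dport),
            "target": ipaddress.ip_address(target), "tport": int(tport),
            "protos": set((proto or "tcp").split("/"))}  # tcp is the default

def parse_pass(line):
    m = PASS.match(line.strip())
    if not m:
        return None
    ifname, proto, dst, port = m.groups()
    return {"if": ifname, "protos": set(proto.split("/")), "dst": net(dst), "port": int(port)}

def audit(nat_lines, filter_lines):
    """Return (code, rule_text) findings for each rdr rule and the pass rules near it."""
    passes = [(p, l) for l in filter_lines if (p := parse_pass(l))]
    findings = []
    for line in nat_lines:
        r = parse_rdr(line)
        if not r:
            continue
        def covers(p, addr_ok, port):
            return (p["if"] == r["if"] and p["protos"] & r["protos"]
                    and addr_ok(p["dst"]) and p["port"] == port)
        # post: rule matches what the filter actually sees (translated target and port).
        post = lambda p: covers(p, lambda d: r["target"] in d, r["tport"])
        # pre: rule matches the original destination, which the filter never sees.
        pre = lambda p: covers(p, lambda d: d.overlaps(r["dst"]), r["dport"])
        if not any(post(p) for p, _ in passes):
            findings.append(("no-pass-for-translated-target", line))
        findings += [("pass-matches-pre-nat-address", l) for p, l in passes if pre(p) and not post(p)]
    return findings
```

A "no-pass-for-translated-target" finding means the redirected traffic is governed only by the default policy or by broader rules, so review those before relying on the redirect.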