HP-UX IPFilter Version A.03.05.14 Administrator's Guide
Rules and Keywords
NAT Keywords
The following section describes keywords specific to NAT functionality.
NOTE: The maximum number of concurrent connections NAT can support is
16,383.
map and portmap: Basic NAT
Use the map keyword to create basic IPFilter NAT rules.
If you do not know the IP address of the outgoing interface, configure
the following rule:
map lan0 192.168.1.0/24 -> 0/32
IPFilter NAT automatically detects the IP address of the outgoing
interface and translates 0/32 to that address, so the source addresses
of outgoing packets are translated to the IP address of the outgoing
interface.
If you do know the IP address of the outgoing interface, configure the
following rule:
map lan0 192.168.1.0/24 -> 20.20.20.1/32
IPFilter NAT translates the source IP addresses of the outgoing packets
to 20.20.20.1.
You can use the portmap keyword to force the source port of a translated
packet into a specific port range. This is useful if there is another
firewall the packet must pass through or if many systems are trying to
use the same source port.
To force TCP and UDP packets onto a specific port range, configure the
following rule:
map lan0 192.168.1.0/24 -> 0/32 portmap tcp/udp 20000:30000
All translated TCP and UDP packets are forced through ports 20000
through 30000.
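
The following Python sketch is an added example, not part of the HP guide or of IPFilter. It parses only the three rule forms shown in this section, reports the source address a rule assigns, and checks whether a packet seen at a downstream firewall is consistent with a rule. The function names and the interface address passed as if_addr are assumptions.

```python
import ipaddress
import re

# Covers only the rule shapes shown in this section, not the full ipnat grammar.
RULE_RE = re.compile(
    r"^map\s+(?P<ifname>\S+)\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)"
    r"(?:\s+portmap\s+(?P<protos>tcp/udp|tcp|udp)\s+(?P<lo>\d+):(?P<hi>\d+))?$")

def parse_map_rule(line):
    """Parse one basic map rule; raise ValueError if it is malformed."""
    m = RULE_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a basic map rule: {line!r}")
    rule = {
        "ifname": m["ifname"],
        "src": ipaddress.ip_network(m["src"]),  # rejects host bits in the prefix
        # 0/32 is the placeholder for the outgoing interface's own address.
        "dst": None if m["dst"] == "0/32" else ipaddress.ip_network(m["dst"]),
        "protos": set(), "ports": None,
    }
    if m["protos"]:
        lo, hi = int(m["lo"]), int(m["hi"])
        if not 1 <= lo <= hi <= 65535:
            raise ValueError(f"bad portmap range {lo}:{hi}")
        rule["protos"], rule["ports"] = set(m["protos"].split("/")), range(lo, hi + 1)
    return rule

def nat_address(rule, if_addr):
    """Address the rule translates to; if_addr stands in for the 0/32 lookup."""
    dst = rule["dst"]
    return ipaddress.ip_address(if_addr) if dst is None else dst.network_address

def translated_source(rule, out_if, src_ip, if_addr):
    """Source address a packet leaving out_if receives, or None if no match."""
    if out_if != rule["ifname"] or ipaddress.ip_address(src_ip) not in rule["src"]:
        return None
    return nat_address(rule, if_addr)

def consistent_with_rule(rule, if_addr, proto, src_ip, src_port):
    """Could a packet observed past the NAT system have come from this rule?"""
    if ipaddress.ip_address(src_ip) != nat_address(rule, if_addr):
        return False
    # Protocols not named by portmap carry no port constraint.
    return proto not in rule["protos"] or src_port in rule["ports"]

# Constructed sample: the three rules from this section.
RULES = [parse_map_rule(r) for r in (
    "map lan0 192.168.1.0/24 -> 0/32",
    "map lan0 192.168.1.0/24 -> 20.20.20.1/32",
    "map lan0 192.168.1.0/24 -> 0/32 portmap tcp/udp 20000:30000")]
```

A downstream firewall rule set can use consistent_with_rule as a cross-check: translated TCP or UDP traffic arriving from the NAT address with a source port outside 20000:30000 did not come from the portmap rule.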