HP-UX IPFilter Version A.03.05.14 Administrator's Guide
Rules and Keywords
NAT Keywords
Chapter 240
bimap: Bidirectional Mapping
The bimap keyword allows IPFilter to map IP addresses bidirectionally, that is, for traffic in both directions.
Use it when you want a particular device on the NAT-supported system to
appear outside the system under a different IP address. The following
rule demonstrates the bimap keyword:
bimap lan0 192.168.1.1/32 -> 20.20.20.1/32
In the previous example, devices with IP address 192.168.1.1 on the
NAT-supported system display as having an IP address of 20.20.20.1
outside the system.
rdr: Redirecting Packets
The rdr keyword redirects packets coming into an IPFilter NAT system.
If no protocol is specified, the rdr keyword applies to TCP.
You can use the rdr keyword to redirect packets from one port to
another. For example, you can redirect traffic destined for the
well-known port 80 to port 8000 on an internal host to enhance security
on your system. Configure the following rule:
rdr lan0 20.20.20.5/32 port 80 -> 192.168.0.5 port 8000
You can redirect UDP and ICMP packets as well as TCP packets. To
redirect UDP packets, append udp to the rule you configure. For example:
rdr lan0 20.20.20.0/24 port 31337 -> 127.0.0.1 port 31337 udp
You can use NAT redirection and IPFilter filtering together to provide
secure, redirected connections. For example, configure the following NAT
rule:
rdr lan0 20.20.20.5/32 port 80 -> 192.168.0.5 port 8000
Then configure the following IPFilter rule:
pass in on lan0 proto tcp from 172.16.8.2 to 192.168.0.5/32 port = 8000 flags S keep state
When a packet comes in, the NAT rule is processed first: the destination
address and port number are rewritten to 192.168.0.5 and 8000. Only then
is the packet passed to the IPFilter rules, so the pass in rule must
match the rewritten destination, not the original 20.20.20.5 port 80.
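The NAT-then-filter ordering described above, as an added example that is not part of the HP-UX guide: a small Python model that applies the rdr rule quoted above to a constructed inbound TCP SYN and then evaluates the pass in rule against the rewritten packet. It shows why the filter rule has to name 192.168.0.5 port 8000 rather than the public address and port; the packet fields, the regular expressions and the function names are assumptions of this example, and flags S is modeled only as a literal comparison while keep state is not modeled.

```python
# Added example, not the guide's own code: order of processing for an inbound
# packet on an IPFilter NAT system, rdr rewrite first, then the filter rules.
import ipaddress
import re

# Rules quoted from the guide above.
NAT_RULE = "rdr lan0 20.20.20.5/32 port 80 -> 192.168.0.5 port 8000"
FILTER_RULE = ("pass in on lan0 proto tcp from 172.16.8.2 "
               "to 192.168.0.5/32 port = 8000 flags S keep state")
# Constructed sample packet: a TCP SYN from the client named in the pass rule,
# addressed to the public address and port before NAT has touched it.
SYN_FROM_CLIENT = {"if": "lan0", "proto": "tcp", "src": "172.16.8.2",
                   "dst": "20.20.20.5", "dport": 80, "flags": "S"}

# Minimal grammars for the two rule forms used on this page (assumption).
RDR_RE = re.compile(r"rdr (\S+) (\S+) port (\d+) -> (\S+) port (\d+)(?: (tcp|udp))?$")
PASS_RE = re.compile(r"pass in on (\S+) proto (\S+) from (\S+) to (\S+) port = (\d+)"
                     r"(?: flags (\S+))?")

def apply_rdr(rule, pkt):
    """Return the packet as the filter rules will see it."""
    iface, dst_net, dport, new_dst, new_port, proto = RDR_RE.match(rule).groups()
    proto = proto or "tcp"          # rdr applies to TCP unless a protocol is given
    if (pkt["if"] == iface and pkt["proto"] == proto and pkt["dport"] == int(dport)
            and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(dst_net)):
        return dict(pkt, dst=new_dst, dport=int(new_port))
    return pkt                      # no match: destination left untouched

def filter_passes(rule, pkt):
    """True if the (already NAT-processed) packet matches the pass in rule."""
    iface, proto, src, dst, port, flags = PASS_RE.match(rule).groups()
    return (pkt["if"] == iface and pkt["proto"] == proto
            and ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(src)
            and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(dst)
            and pkt["dport"] == int(port)
            and (flags is None or pkt.get("flags") == flags))

def inbound_decision(nat_rule, filter_rule, pkt):
    """NAT rule first, then the filter rule, in the order the guide describes."""
    return filter_passes(filter_rule, apply_rdr(nat_rule, pkt))

if __name__ == "__main__":
    verdict = inbound_decision(NAT_RULE, FILTER_RULE, SYN_FROM_CLIENT)
    print("passed" if verdict else "blocked")
    # Evaluating the filter against the pre-NAT packet would not match.
    print("pre-NAT match:", filter_passes(FILTER_RULE, SYN_FROM_CLIENT))
```

Run it and the SYN is passed only because the rdr rewrite happened first; evaluating the same pass in rule against the pre-NAT destination 20.20.20.5 port 80 does not match.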