Port / IP Redirection

Port / IP redirection allows you to direct traffic to alternative ports/IP addresses. It is controlled by the file /etc/csf/csf.redirect

DNAT Formats

Redirect from one IP address to a different one:

IPx|*|IPy|*|tcp/udp          - To IPx redirects to IPy
IPx|portA|IPy|portB|tcp/udp  - To IPx to portA redirects to IPy portB

DNAT examples

203.0.113.1|*|10.0.0.1|*|tcp
203.0.113.1|666|10.0.0.1|25|tcp

REDIRECT

Redirect from port to a different one:

IPx|portA|*|portB|tcp/udp    - To IPx to portA redirects to portB
*|portA|*|portB|tcp/udp      - To portA redirects to portB

REDIRECT examples

*|666|*|25|tcp
203.0.113.60|666|*|25|tcp
203.0.113.4|666|*|25|tcp

• Where a port is specified it cannot be a range, only a single port.
• All redirections to another IP address will always appear on the destination server with the source of this server, not the originating IP address.
• This feature is not intended to be used for routing, NAT, VPN, etc tasks.
/proc/sys/net/ipv4/ip_forward must be set to 1 for DNAT connections to work. CSF will set this where it can, but if the kernel value cannot be set then the DNAT redirection many not work.

Related Files

File Description
/etc/csf/csf.redirect This file contains a list of port and/or IP address assignments to direct traffic to alternative ports/IP addresses.

Related Pages