
Port/IP address Redirection

This feature uses the file /etc/csf/csf.redirect which is a list of port and/or IP address assignments to direct traffic to alternative ports/IP addresses.

Requirements:

  • nat tables
  • ipt_DNAT iptables module
  • ipt_SNAT iptables module
  • ipt_REDIRECT iptables module

The following are the allowed redirection formats:

DNAT (redirect from one IP address to a different one):

IPx|*|IPy|*|tcp/udp           - Traffic to IPx is redirected to IPy
IPx|portA|IPy|portB|tcp/udp   - Traffic to IPx on portA is redirected to IPy on portB

DNAT examples:

192.168.254.62|*|10.0.0.1|*|tcp
192.168.254.62|666|10.0.0.1|25|tcp

REDIRECT (redirect from one port to a different one):

IPx|portA|*|portB|tcp/udp    - Traffic to IPx on portA is redirected to portB
*|portA|*|portB|tcp/udp      - Traffic to portA is redirected to portB

REDIRECT examples:

*|666|*|25|tcp
192.168.254.60|666|*|25|tcp
192.168.254.4|666|*|25|tcp

Where a port is specified it cannot be a range, only a single port.

All redirections to another IP address will always appear on the destination server with this server as the source, not the originating IP address.

This feature is not intended to be used for routing, NAT, VPN, etc. tasks.

Note: /proc/sys/net/ipv4/ip_forward must be set to 1 for DNAT connections to work. csf will set this where it can, but if the kernel value cannot be set then the DNAT redirection may not work.
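A linter for the entry formats listed above, as an added example (not part of csf or its documentation): it classifies each csf.redirect entry as DNAT or REDIRECT, rejects port ranges and any shape the formats above do not list, and reports whether ip_forward is needed. The function names, the IPv4-only address check and the `#` comment handling are assumptions.

```python
import ipaddress

def _is_ip(field):
    try:
        ipaddress.IPv4Address(field)
        return True
    except ValueError:
        return False

def _is_port(field):
    return field.isascii() and field.isdigit() and 1 <= int(field) <= 65535

def classify(entry):
    """Return (kind, error): kind is "DNAT" or "REDIRECT", or None on error."""
    parts = entry.strip().split("|")
    if len(parts) != 5:
        return None, "expected 5 '|'-separated fields"
    ip_x, port_a, ip_y, port_b, proto = parts
    if proto not in ("tcp", "udp"):
        return None, "protocol must be tcp or udp"
    if ip_y != "*":  # a destination IP address means DNAT
        if not (_is_ip(ip_x) and _is_ip(ip_y)):
            return None, "DNAT needs an IP address on both sides"
        if (port_a, port_b) == ("*", "*") or (_is_port(port_a) and _is_port(port_b)):
            return "DNAT", None
        return None, "DNAT ports must both be '*' or both be single ports"
    if ip_x != "*" and not _is_ip(ip_x):
        return None, "first field must be an IP address or '*'"
    if _is_port(port_a) and _is_port(port_b):
        return "REDIRECT", None
    return None, "REDIRECT needs two single ports, not '*' or a range"

def lint(text):
    """Yield (line_number, kind, error); skips blanks and '#' comments (assumed syntax)."""
    for number, line in enumerate(text.splitlines(), start=1):
        if line.strip() and not line.lstrip().startswith("#"):
            yield (number, *classify(line))

def needs_ip_forward(text):
    # DNAT entries only work when /proc/sys/net/ipv4/ip_forward is 1.
    return any(kind == "DNAT" for _, kind, _ in lint(text))

# Constructed sample: two entries from the examples above, then two invalid ones.
SAMPLE = """\
192.168.254.62|666|10.0.0.1|25|tcp
*|666|*|25|tcp
192.168.254.60|8000:8010|*|25|tcp
192.168.254.62|666|10.0.0.1|*|udp
"""
```

Running `list(lint(SAMPLE))` flags lines 3 and 4: the first uses a port range, the second mixes a single port with `*` in a DNAT entry.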