IP/Port redirecting with csf

csf (ConfigServer Security & Firewall) offers the possibility to redirect/forward traffic from one IP/port to another IP/port.

The requirements, as stated in the /etc/csf/csf.redirect file, are:

Requirements:
nat tables
ipt_DNAT iptables module
ipt_SNAT iptables module
ipt_REDIRECT iptables module

The lines listed below need to be added to the file /etc/csf/csf.redirect. You can edit the line from the command-line or from your control panel -> csf plugin.

To redirect an IP to another IP (same port or a different port):

# DNAT (redirect from one IP address to a different one):
# IPx|*|IPy|*|tcp/udp          - To IPx redirects to IPy
# IPx|portA|IPy|portB|tcp/udp  - To IPx to portA redirects to IPy portB

Example 1 – redirect 23.23.23.23 to 23.23.23.35, all TCP ports

23.23.23.23|*|23.23.23.35|*|tcp

Example 2 – redirect 23.23.23.23 port 25 to 23.23.23.35 port 25, TCP protocol

23.23.23.23|25|23.23.23.35|25|tcp

To redirect from one port to another:

# REDIRECT (redirect from port to a different one):
# IPx|portA|*|portB|tcp/udp    - To IPx to portA redirects to portB
# *|portA|*|portB|tcp/udp      - To portA redirects to portB

Example 3 – redirect port 8080 to port 443, all IPs, TCP protocol

*|8080|*|443|tcp

Example 4 – redirect 23.23.23.23:8080 to 23.23.23.35:443, TCP protocol

23.23.23.23|8080|23.23.23.35|443|tcp
csf image
csf webpage screenshot

Leave a Reply