IP/Port redirecting with csf

csf (ConfigServer Security & Firewall) offers the possibility to redirect/forward traffic from one IP/port to another IP/port.

The requirements, as stated in the /etc/csf/csf.redirect file, are:

nat tables
ipt_DNAT iptables module
ipt_SNAT iptables module
ipt_REDIRECT iptables module

The lines listed below need to be added to the file /etc/csf/csf.redirect. You can edit the line from the command-line or from your control panel -> csf plugin.

To redirect an IP to another IP (same port or a different port):

# DNAT (redirect from one IP address to a different one):
# IPx|*|IPy|*|tcp/udp          - To IPx redirects to IPy
# IPx|portA|IPy|portB|tcp/udp  - To IPx to portA redirects to IPy portB

Example 1 – redirect to, all TCP ports|*||*|tcp

Example 2 – redirect port 25 to port 25, TCP protocol|25||25|tcp

To redirect from one port to another:

# REDIRECT (redirect from port to a different one):
# IPx|portA|*|portB|tcp/udp    - To IPx to portA redirects to portB
# *|portA|*|portB|tcp/udp      - To portA redirects to portB

Example 3 – redirect port 8080 to port 443, all IPs, TCP protocol


Example 4 – redirect to, TCP protocol|8080||443|tcp

Leave a Reply