Configure > Networking > ARM > General

Redirection Rules Displays the redirection rules in the ipnat.conf file that specify how incoming packets are redirected when the proxy is serving traffic transparently. During installation, Content Gateway creates a small number of default rules. These rules can be added to and modified. IPv4 and IPv6 addresses are supported. During operation, Content Gateway traverses the list top down and applies the first matching rule.
Refresh Updates the table to display the most up-to-date rules in the ipnat.conf file.
Edit File Opens the configuration file editor for the ipnat.conf file.
  ipnat.conf Configuration File Editor
rule display box Lists the ipnat.conf file rules. Select a rule to edit it. The buttons on the left of the box allow you to delete or move the selected rule up or down in the list.
Add Adds a new rule to the rule display box at the top of the configuration file editor page.
Set Updates the rule display box at the top of the configuration file editor page.
Ethernet Interface Specifies the Ethernet interface that traffic will use to access the Content Gateway machine: for example, eth0 on Linux.
Connection Type Specifies the connection type that applies for the rule: TCP or UDP.
Destination IP

Specifies the IP address from which traffic is sent.

0.0.0.0 or :: match all IP addresses.

Destination CIDR Specifies the IP address in CIDR (Classless Inter-Domain Routing) format, such as 1.1.1.0/24. Entering a value in this field is optional.
Destination Port Specifies the traffic destination port: for example, 80 for HTTP traffic.
Redirected Destination IP Specifies the IP address of your Content Gateway server.
Redirected Destination Port Specifies the proxy port: for example, 8080 for HTTP traffic.
User Protocol (Optional) When dns is selected, the ARM redirects DNS traffic to Content Gateway; otherwise, DNS traffic is bypassed.
Apply Applies the configuration changes.
Close

Exits the configuration file editor.

Click Apply before you click Close; otherwise, all configuration changes are discarded.

IP Spoofing: Enabled/ Disabled

Enables or disables the IP spoofing option, which configures Content Gateway to establish connections to origin servers with the client IP address instead of the Content Gateway IP address. For more information, see Content Gateway IP spoofing.

Note: IP spoofing requires precise control of the routing paths on your network, overriding the normal routing process for traffic running on TCP ports 80 and 443.
Range Based IP Spoofing: Enabled/ Disabled

Enables or disables the range-based IP spoofing extension. This extension supports the specification of IP addresses and ranges of addresses that are mapped to specified IP addresses for spoofing.

Many groups can be specified. However, use this feature judiciously because list traversal adds overhead to every connection request. The larger the list, the more overhead.

The list is traversed in order (as displayed). The first match is applied.

Clients that don’t match a grouping are spoofed with their own IP address (basic IP spoofing).

For more information, see Content Gateway IP spoofing.

Range Based IP Spoofing: Address table

In the Client IP Addresses field, enter a comma-separated list of individual IP addresses and/or IP address ranges. Do not use spaces.

You can use:

  • A simple IP address, such as 123.45.67.8
  • CIDR (Classless Inter-Domain Routing) format, such as 1.1.1.0/24.
  • A range separated by a dash, such as 1.1.1.1-2.2.2.2
  • Any combination of the above, separated by commas, such as:

1.1.1.0/24,25.25.25.25,123.1.23.1-123.1.23.123

  • A maximum of 64 IPv4 addresses or 32 IPv4 address ranges.

In the Spoofed IP Address field, enter the IP address to use with matching clients. This is the spoofed IP address.

To add a row to the table, click Add Row.

To remove a row from the table, delete the contents of the cells. When you click Apply, the empty rows are removed.

The table always has a minimum of 5 rows.

Restart Content Gateway to put changes into effect.
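The following is an added example, not Content Gateway code: a Python check for a planned range-based IP spoofing table before it is entered. It parses the Client IP Addresses formats listed above, applies the first-match traversal, and flags rows that can never match because earlier rows already cover them. The function names, the spoofed addresses in the sample table, and the reading of the 64/32 limit as per field are assumptions.

```python
import ipaddress
# Assumption: the page's 64-address / 32-range limits apply per field; CIDR counts as a range.
MAX_ADDRS, MAX_RANGES = 64, 32
def parse_clients(field):
    """Turn one Client IP Addresses value into a list of (first, last) IPv4 pairs."""
    if any(ch.isspace() for ch in field):
        raise ValueError("spaces are not allowed in the list")
    spans, singles, ranges = [], 0, 0
    for item in field.split(","):
        if "/" in item:                               # CIDR, e.g. 1.1.1.0/24
            net = ipaddress.IPv4Network(item, strict=False)
            first, last = net.network_address, net.broadcast_address
            ranges += 1
        elif "-" in item:                             # dash range
            lo, hi = item.split("-", 1)
            first, last = ipaddress.IPv4Address(lo), ipaddress.IPv4Address(hi)
            if first > last:
                raise ValueError(f"range start is above range end: {item}")
            ranges += 1
        else:                                         # single address
            first = last = ipaddress.IPv4Address(item)
            singles += 1
        spans.append((first, last))
    if singles > MAX_ADDRS or ranges > MAX_RANGES:
        raise ValueError("too many entries in one field")
    return spans

def spoofed_source(table, client):
    """Walk the rows in display order; the first matching row supplies the address."""
    ip = ipaddress.IPv4Address(client)
    for clients, spoofed in table:
        if any(lo <= ip <= hi for lo, hi in parse_clients(clients)):
            return spoofed
    return client          # no match: basic IP spoofing, client keeps its own address

def shadowed_rows(table):
    """Indexes of rows whose every entry lies inside one entry of an earlier row."""
    seen, dead = [], []
    for i, (clients, _) in enumerate(table):
        spans = parse_clients(clients)
        if all(any(a <= lo and hi <= b for a, b in seen) for lo, hi in spans):
            dead.append(i)
        seen.extend(spans)
    return dead
TABLE = [  # constructed sample rows: (Client IP Addresses, Spoofed IP Address)
    ("1.1.1.0/24,25.25.25.25,123.1.23.1-123.1.23.123", "10.0.0.1"),
    ("1.1.1.128/25,123.1.23.50", "10.0.0.2"),
    ("1.1.1.1-2.2.2.2", "10.0.0.3"),
]
```

A row reported by `shadowed_rows` adds traversal overhead to every connection request without ever being applied, so it is a candidate for removal or reordering.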