Jonas Berlin | f33c461 | 2005-04-01 06:54:23 +0000 | [diff] [blame] | 1 | Similar to SNAT/DNAT depending on chain: it takes a range of addresses |
| 2 | (`--to 1.2.3.4-1.2.3.7') and gives a client the same |
| 3 | source-/destination-address for each connection. |
| 4 | .TP |
| 5 | .BI "--to " "<ipaddr>-<ipaddr>" |
| 6 | Addresses to map source to. May be specified more than once for |
| 7 | multiple ranges. |
| 8 | .TP |
| 9 | .B "--nodst" |
| 10 | Don't use the destination-ip in the calculations when selecting the |
| 11 | new source-ip |
Eric Leblond | ae4b0b3 | 2007-02-24 15:11:33 +0000 | [diff] [blame] | 12 | .TP |
| 13 | .B "--random" |
| 14 | Port mapping will be forcely randomized to avoid attacks based on |
| 15 | port prediction (kernel >= 2.6.21). |