Jonas Berlin | f33c461 | 2005-04-01 06:54:23 +0000 | [diff] [blame] | 1 | Similar to SNAT/DNAT depending on chain: it takes a range of addresses |
Jan Engelhardt | fea74bf | 2009-01-12 04:53:18 +0100 | [diff] [blame] | 2 | (`\-\-to 1.2.3.4\-1.2.3.7') and gives a client the same |
Jonas Berlin | f33c461 | 2005-04-01 06:54:23 +0000 | [diff] [blame] | 3 | source-/destination-address for each connection. |
| 4 | .TP |
Jan Engelhardt | fea74bf | 2009-01-12 04:53:18 +0100 | [diff] [blame] | 5 | \fB\-\-to\fP \fIipaddr\fP[\fB\-\fP\fIipaddr\fP] |
Jonas Berlin | f33c461 | 2005-04-01 06:54:23 +0000 | [diff] [blame] | 6 | Addresses to map source to. May be specified more than once for |
| 7 | multiple ranges. |
| 8 | .TP |
Jan Engelhardt | fea74bf | 2009-01-12 04:53:18 +0100 | [diff] [blame] | 9 | \fB\-\-nodst\fP |
Jonas Berlin | f33c461 | 2005-04-01 06:54:23 +0000 | [diff] [blame] | 10 | Don't use the destination-ip in the calculations when selecting the |
| 11 | new source-ip |
Eric Leblond | ae4b0b3 | 2007-02-24 15:11:33 +0000 | [diff] [blame] | 12 | .TP |
Jan Engelhardt | fea74bf | 2009-01-12 04:53:18 +0100 | [diff] [blame] | 13 | \fB\-\-random\fP |
Jan Engelhardt | 6cf172e | 2008-03-10 17:48:59 +0100 | [diff] [blame] | 14 | Port mapping will be forcibly randomized to avoid attacks based on |
Eric Leblond | ae4b0b3 | 2007-02-24 15:11:33 +0000 | [diff] [blame] | 15 | port prediction (kernel >= 2.6.21). |