Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / iptables / d7282413763b0ba85d512c1cd49174b762ff449c / . / extensions / libipt_MASQUERADE.man
blob: 8f42993d3337fda08410885154989f0e7d8b17df [file] [log] [blame]
Henrik Nordstromc2794132004-01-22 15:04:24 +0000[diff] [blame]1This target is only valid in the
2.B nat
3table, in the
4.B POSTROUTING
5chain. It should only be used with dynamically assigned IP (dialup)
6connections: if you have a static IP address, you should use the SNAT
7target. Masquerading is equivalent to specifying a mapping to the IP
8address of the interface the packet is going out, but also has the
9effect that connections are
10.I forgotten
11when the interface goes down. This is the correct behavior when the
12next dialup is unlikely to have the same interface address (and hence
13any established connections are lost anyway). It takes one option:
14.TP
Jan Engelhardtfea74bf2009-01-12 04:53:18 +0100[diff] [blame]15\fB\-\-to\-ports\fP \fIport\fP[\fB\-\fP\fIport\fP]
Henrik Nordstromc2794132004-01-22 15:04:24 +0000[diff] [blame]16This specifies a range of source ports to use, overriding the default
17.B SNAT
18source port-selection heuristics (see above). This is only valid
19if the rule also specifies
Jan Engelhardtfea74bf2009-01-12 04:53:18 +0100[diff] [blame]20\fB\-p tcp\fP
Henrik Nordstromc2794132004-01-22 15:04:24 +0000[diff] [blame]21or
Jan Engelhardtfea74bf2009-01-12 04:53:18 +0100[diff] [blame]22\fB\-p udp\fP.
Patrick McHardyef399a32007-05-29 11:24:45 +0000[diff] [blame]23.TP
Jan Engelhardtfea74bf2009-01-12 04:53:18 +0100[diff] [blame]24\fB\-\-random\fP
Patrick McHardyef399a32007-05-29 11:24:45 +0000[diff] [blame]25Randomize source port mapping
Eric Leblondae4b0b32007-02-24 15:11:33 +0000[diff] [blame]26If option
Jan Engelhardtfea74bf2009-01-12 04:53:18 +0100[diff] [blame]27\fB\-\-random\fP
Patrick McHardyef399a32007-05-29 11:24:45 +0000[diff] [blame]28is used then port mapping will be randomized (kernel >= 2.6.21).
29.RS
30.PP