| Jonas Berlin | f33c461 | 2005-04-01 06:54:23 +0000 | [diff] [blame] | 1 | Similar to SNAT/DNAT depending on chain: it takes a range of addresses |
| Jan Engelhardt | fea74bf | 2009-01-12 04:53:18 +0100 | [diff] [blame] | 2 | (`\-\-to 1.2.3.4\-1.2.3.7') and gives a client the same |
| Jonas Berlin | f33c461 | 2005-04-01 06:54:23 +0000 | [diff] [blame] | 3 | source-/destination-address for each connection. |
| Jan Engelhardt | 6d7d91e | 2009-06-08 15:46:19 +0200 | [diff] [blame] | 4 | .PP |
| 5 | N.B.: The DNAT target's \fB\-\-persistent\fP option replaced the SAME target. |
| Jonas Berlin | f33c461 | 2005-04-01 06:54:23 +0000 | [diff] [blame] | 6 | .TP |
| Jan Engelhardt | fea74bf | 2009-01-12 04:53:18 +0100 | [diff] [blame] | 7 | \fB\-\-to\fP \fIipaddr\fP[\fB\-\fP\fIipaddr\fP] |
| Jonas Berlin | f33c461 | 2005-04-01 06:54:23 +0000 | [diff] [blame] | 8 | Addresses to map source to. May be specified more than once for |
| 9 | multiple ranges. |
| 10 | .TP |
| Jan Engelhardt | fea74bf | 2009-01-12 04:53:18 +0100 | [diff] [blame] | 11 | \fB\-\-nodst\fP |
| Jonas Berlin | f33c461 | 2005-04-01 06:54:23 +0000 | [diff] [blame] | 12 | Don't use the destination-ip in the calculations when selecting the |
| 13 | new source-ip |
| Eric Leblond | ae4b0b3 | 2007-02-24 15:11:33 +0000 | [diff] [blame] | 14 | .TP |
| Jan Engelhardt | fea74bf | 2009-01-12 04:53:18 +0100 | [diff] [blame] | 15 | \fB\-\-random\fP |
| Jan Engelhardt | 6cf172e | 2008-03-10 17:48:59 +0100 | [diff] [blame] | 16 | Port mapping will be forcibly randomized to avoid attacks based on |
| Eric Leblond | ae4b0b3 | 2007-02-24 15:11:33 +0000 | [diff] [blame] | 17 | port prediction (kernel >= 2.6.21). |