blob: a99dc73f6cf4eab7a2b6d477addf4892a83b4544 [file] [log] [blame]
Similar to SNAT/DNAT depending on chain: it takes a range of addresses
(`\-\-to\-') and gives a client the same
source-/destination-address for each connection.
N.B.: The DNAT target's \fB\-\-persistent\fP option replaced the SAME target.
\fB\-\-to\fP \fIipaddr\fP[\fB\-\fP\fIipaddr\fP]
Addresses to map source to. May be specified more than once for
multiple ranges.
Don't use the destination-ip in the calculations when selecting the
new source-ip
Port mapping will be forcibly randomized to avoid attacks based on
port prediction (kernel >= 2.6.21).