Blame extensions/libxt_MASQUERADE.man
|
Packit |
7b22a4 |
This target is only valid in the
|
|
Packit |
7b22a4 |
.B nat
|
|
Packit |
7b22a4 |
table, in the
|
|
Packit |
7b22a4 |
.B POSTROUTING
|
|
Packit |
7b22a4 |
chain. It should only be used with dynamically assigned IP (dialup)
|
|
Packit |
7b22a4 |
connections: if you have a static IP address, you should use the SNAT
|
|
Packit |
7b22a4 |
target. Masquerading is equivalent to specifying a mapping to the IP
|
|
Packit |
7b22a4 |
address of the interface the packet is going out, but also has the
|
|
Packit |
7b22a4 |
effect that connections are
|
|
Packit |
7b22a4 |
.I forgotten
|
|
Packit |
7b22a4 |
when the interface goes down. This is the correct behavior when the
|
|
Packit |
7b22a4 |
next dialup is unlikely to have the same interface address (and hence
|
|
Packit |
7b22a4 |
any established connections are lost anyway).
|
|
Packit |
7b22a4 |
.TP
|
|
Packit |
7b22a4 |
\fB\-\-to\-ports\fP \fIport\fP[\fB\-\fP\fIport\fP]
|
|
Packit |
7b22a4 |
This specifies a range of source ports to use, overriding the default
|
|
Packit |
7b22a4 |
.B SNAT
|
|
Packit |
7b22a4 |
source port-selection heuristics (see above). This is only valid
|
|
Packit |
7b22a4 |
if the rule also specifies one of the following protocols:
|
|
Packit |
7b22a4 |
\fBtcp\fP, \fBudp\fP, \fBdccp\fP or \fBsctp\fP.
|
|
Packit |
7b22a4 |
.TP
|
|
Packit |
7b22a4 |
\fB\-\-random\fP
|
|
Packit |
7b22a4 |
Randomize source port mapping
|
|
Packit |
7b22a4 |
If option
|
|
Packit |
7b22a4 |
\fB\-\-random\fP
|
|
Packit |
7b22a4 |
is used then port mapping will be randomized (kernel >= 2.6.21).
|
|
Packit |
7b22a4 |
Since kernel 5.0, \fB\-\-random\fP is identical to \fB\-\-random-fully\fP.
|
|
Packit |
7b22a4 |
.TP
|
|
Packit |
7b22a4 |
\fB\-\-random-fully\fP
|
|
Packit |
7b22a4 |
Full randomize source port mapping
|
|
Packit |
7b22a4 |
If option
|
|
Packit |
7b22a4 |
\fB\-\-random-fully\fP
|
|
Packit |
7b22a4 |
is used then port mapping will be fully randomized (kernel >= 3.13).
|
|
Packit |
7b22a4 |
.TP
|
|
Packit |
7b22a4 |
IPv6 support available since Linux kernels >= 3.7.
|