This target is only valid in the

.B nat

table, in the

.B POSTROUTING

and

.B INPUT

chains, and user-defined chains which are only called from those

chains.  It specifies that the source address of the packet should be

modified (and all future packets in this connection will also be

mangled), and rules should cease being examined.  It takes the

following options:

.TP

\fB\-\-to\-source\fP [\fIipaddr\fP[\fB\-\fP\fIipaddr\fP]][\fB:\fP\fIport\fP[\fB\-\fP\fIport\fP]]

which can specify a single new source IP address, an inclusive range

of IP addresses. Optionally a port range,

if the rule also specifies one of the following protocols:

\fBtcp\fP, \fBudp\fP, \fBdccp\fP or \fBsctp\fP.

If no port range is specified, then source ports below 512 will be

mapped to other ports below 512: those between 512 and 1023 inclusive

will be mapped to ports below 1024, and other ports will be mapped to

1024 or above. Where possible, no port alteration will occur.

In Kernels up to 2.6.10, you can add several \-\-to\-source options. For those

kernels, if you specify more than one source address, either via an address

range or multiple \-\-to\-source options, a simple round-robin (one after another

in cycle) takes place between these addresses.

Later Kernels (>= 2.6.11-rc1) don't have the ability to NAT to multiple ranges

anymore.

.TP

\fB\-\-random\fP

If option

\fB\-\-random\fP

is used then port mapping will be randomized through a hash-based algorithm (kernel >= 2.6.21).

.TP

\fB\-\-random-fully\fP

If option

\fB\-\-random-fully\fP

is used then port mapping will be fully randomized through a PRNG (kernel >= 3.14).

.TP

\fB\-\-persistent\fP

Gives a client the same source-/destination-address for each connection.

This supersedes the SAME target. Support for persistent mappings is available

from 2.6.29-rc2.

.PP

Kernels prior to 2.6.36-rc1 don't have the ability to

.B SNAT

in the

.B INPUT

chain.

.TP

IPv6 support available since Linux kernels >= 3.7.