| 1234567891011121314151617 |
- Similar to SNAT/DNAT depending on chain: it takes a range of addresses
- (`\-\-to 1.2.3.4\-1.2.3.7') and gives a client the same
- source-/destination-address for each connection.
- .PP
- N.B.: The DNAT target's \fB\-\-persistent\fP option replaced the SAME target.
- .TP
- \fB\-\-to\fP \fIipaddr\fP[\fB\-\fP\fIipaddr\fP]
- Addresses to map source to. May be specified more than once for
- multiple ranges.
- .TP
- \fB\-\-nodst\fP
- Don't use the destination-ip in the calculations when selecting the
- new source-ip
- .TP
- \fB\-\-random\fP
- Port mapping will be forcibly randomized to avoid attacks based on
- port prediction (kernel >= 2.6.21).
|
