| lh | 9ed821d | 2023-04-07 01:36:19 -0700 | [diff] [blame] | 1 | Similar to SNAT/DNAT depending on chain: it takes a range of addresses |
| 2 | (`\-\-to 1.2.3.4\-1.2.3.7') and gives a client the same |
| 3 | source-/destination-address for each connection. |
| 4 | .TP |
| 5 | \fB\-\-to\fP \fIipaddr\fP[\fB\-\fP\fIipaddr\fP] |
| 6 | Addresses to map source to. May be specified more than once for |
| 7 | multiple ranges. |
| 8 | .TP |
| 9 | \fB\-\-nodst\fP |
| 10 | Don't use the destination-ip in the calculations when selecting the |
| 11 | new source-ip |
| 12 | .TP |
| 13 | \fB\-\-random\fP |
| 14 | Port mapping will be forcibly randomized to avoid attacks based on |
| 15 | port prediction (kernel >= 2.6.21). |