1This target is only valid in the 2.B nat 3table, in the 4.B POSTROUTING 5chain. It should only be used with dynamically assigned IP (dialup) 6connections: if you have a static IP address, you should use the SNAT 7target. Masquerading is equivalent to specifying a mapping to the IP 8address of the interface the packet is going out, but also has the 9effect that connections are 10.I forgotten 11when the interface goes down. This is the correct behavior when the 12next dialup is unlikely to have the same interface address (and hence 13any established connections are lost anyway). 14.TP 15\fB\-\-to\-ports\fP \fIport\fP[\fB\-\fP\fIport\fP] 16This specifies a range of source ports to use, overriding the default 17.B SNAT 18source port-selection heuristics (see above). This is only valid 19if the rule also specifies one of the following protocols: 20\fBtcp\fP, \fBudp\fP, \fBdccp\fP or \fBsctp\fP. 21.TP 22\fB\-\-random\fP 23Randomize source port mapping 24If option 25\fB\-\-random\fP 26is used then port mapping will be randomized (kernel >= 2.6.21). 27Since kernel 5.0, \fB\-\-random\fP is identical to \fB\-\-random-fully\fP. 28.TP 29\fB\-\-random-fully\fP 30Full randomize source port mapping 31If option 32\fB\-\-random-fully\fP 33is used then port mapping will be fully randomized (kernel >= 3.13). 34.TP 35IPv6 support available since Linux kernels >= 3.7. 36