• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1This target is only valid in the
2.B nat
3table, in the
4.B POSTROUTING
5chain.  It should only be used with dynamically assigned IP (dialup)
6connections: if you have a static IP address, you should use the SNAT
7target.  Masquerading is equivalent to specifying a mapping to the IP
8address of the interface the packet is going out, but also has the
9effect that connections are
10.I forgotten
11when the interface goes down.  This is the correct behavior when the
12next dialup is unlikely to have the same interface address (and hence
13any established connections are lost anyway).
14.TP
15\fB\-\-to\-ports\fP \fIport\fP[\fB\-\fP\fIport\fP]
16This specifies a range of source ports to use, overriding the default
17.B SNAT
18source port-selection heuristics (see above).  This is only valid
19if the rule also specifies one of the following protocols:
20\fBtcp\fP, \fBudp\fP, \fBdccp\fP or \fBsctp\fP.
21.TP
22\fB\-\-random\fP
23Randomize source port mapping
24If option
25\fB\-\-random\fP
26is used then port mapping will be randomized (kernel >= 2.6.21).
27Since kernel 5.0, \fB\-\-random\fP is identical to \fB\-\-random-fully\fP.
28.TP
29\fB\-\-random-fully\fP
30Full randomize source port mapping
31If option
32\fB\-\-random-fully\fP
33is used then port mapping will be fully randomized (kernel >= 3.13).
34.TP
35IPv6 support available since Linux kernels >= 3.7.
36