diff options
Diffstat (limited to 'extensions/libipt_SAME.man')
| -rw-r--r-- | extensions/libipt_SAME.man | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/extensions/libipt_SAME.man b/extensions/libipt_SAME.man new file mode 100644 index 0000000..a99dc73 --- /dev/null +++ b/extensions/libipt_SAME.man @@ -0,0 +1,17 @@ +Similar to SNAT/DNAT depending on chain: it takes a range of addresses +(`\-\-to 1.2.3.4\-1.2.3.7') and gives a client the same +source-/destination-address for each connection. +.PP +N.B.: The DNAT target's \fB\-\-persistent\fP option replaced the SAME target. +.TP +\fB\-\-to\fP \fIipaddr\fP[\fB\-\fP\fIipaddr\fP] +Addresses to map source to. May be specified more than once for +multiple ranges. +.TP +\fB\-\-nodst\fP +Don't use the destination-ip in the calculations when selecting the +new source-ip +.TP +\fB\-\-random\fP +Port mapping will be forcibly randomized to avoid attacks based on +port prediction (kernel >= 2.6.21). |