diff options
author | Patrick McHardy <kaber@trash.net> | 2012-08-22 12:27:10 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2012-09-10 11:55:14 +0200 |
commit | 0e37f00980eb6b4fc2c5f979cc5fa83c0fff9d30 (patch) | |
tree | 7b1f04cc4cd38fe1c87e31a067af49c5de457d82 /extensions/libip6t_MASQUERADE.man | |
parent | e62f426c7ead7c0025d15860df97426db6509942 (diff) |
extensions: add IPv6 MASQUERADE extension
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'extensions/libip6t_MASQUERADE.man')
-rw-r--r-- | extensions/libip6t_MASQUERADE.man | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/extensions/libip6t_MASQUERADE.man b/extensions/libip6t_MASQUERADE.man new file mode 100644 index 00000000..c63d826b --- /dev/null +++ b/extensions/libip6t_MASQUERADE.man @@ -0,0 +1,30 @@ +This target is only valid in the +.B nat +table, in the +.B POSTROUTING +chain. It should only be used with dynamically assigned IPv6 (dialup) +connections: if you have a static IP address, you should use the SNAT +target. Masquerading is equivalent to specifying a mapping to the IP +address of the interface the packet is going out, but also has the +effect that connections are +.I forgotten +when the interface goes down. This is the correct behavior when the +next dialup is unlikely to have the same interface address (and hence +any established connections are lost anyway). +.TP +\fB\-\-to\-ports\fP \fIport\fP[\fB\-\fP\fIport\fP] +This specifies a range of source ports to use, overriding the default +.B SNAT +source port-selection heuristics (see above). This is only valid +if the rule also specifies +\fB\-p tcp\fP +or +\fB\-p udp\fP. +.TP +\fB\-\-random\fP +Randomize source port mapping +If option +\fB\-\-random\fP +is used then port mapping will be randomized. +.RS +.PP |