path: root/extensions/
diff options
authorMart Frauenlob <>2013-04-10 06:47:07 +0000
committerPablo Neira Ayuso <>2013-05-29 19:26:59 +0200
commit11965180ba6f278fea81f55a3aa48c8f7c667142 (patch)
tree7d63aa05b6bb3e87c632fb00f8d0eaec9ac6296f /extensions/
parenta17d7fdf4fd8da8b41e67f02c8b8b371c2daa619 (diff)
extensions: libxt_DNAT: rename IPv4 manpage and tell about IPv6 support
This patch renames to thus informing about the IPv6 version, as suggested by Patrick McHardy. Also, it updates the list of valid protocols for port mapping is updated to: tcp, udp, dccp and sctp. Signed-off-by: Mart Frauenlob <> Signed-off-by: Pablo Neira Ayuso <>
Diffstat (limited to 'extensions/')
1 files changed, 38 insertions, 0 deletions
diff --git a/extensions/ b/extensions/
new file mode 100644
index 00000000..225274ff
--- /dev/null
+++ b/extensions/
@@ -0,0 +1,38 @@
+This target is only valid in the
+.B nat
+table, in the
+chains, and user-defined chains which are only called from those
+chains. It specifies that the destination address of the packet
+should be modified (and all future packets in this connection will
+also be mangled), and rules should cease being examined. It takes the
+following options:
+\fB\-\-to\-destination\fP [\fIipaddr\fP[\fB\-\fP\fIipaddr\fP]][\fB:\fP\fIport\fP[\fB\-\fP\fIport\fP]]
+which can specify a single new destination IP address, an inclusive
+range of IP addresses. Optionally a port range,
+if the rule also specifies one of the following protocols:
+\fBtcp\fP, \fBudp\fP, \fBdccp\fP or \fBsctp\fP.
+If no port range is specified, then the destination port will never be
+modified. If no IP address is specified then only the destination port
+will be modified.
+In Kernels up to 2.6.10 you can add several \-\-to\-destination options. For
+those kernels, if you specify more than one destination address, either via an
+address range or multiple \-\-to\-destination options, a simple round-robin (one
+after another in cycle) load balancing takes place between these addresses.
+Later Kernels (>= 2.6.11-rc1) don't have the ability to NAT to multiple ranges
+If option
+is used then port mapping will be randomized (kernel >= 2.6.22).
+Gives a client the same source-/destination-address for each connection.
+This supersedes the SAME target. Support for persistent mappings is available
+from 2.6.29-rc2.
+IPv6 support available since Linux kernels >= 3.7.