man: DNAT: Describe shifted port range feature

This wasn't mentioned anywhere. Signed-off-by: Phil Sutter <phil@nwl.cc>
author: Phil Sutter <phil@nwl.cc> 2022-01-12 02:06:38 +0100
committer: Phil Sutter <phil@nwl.cc> 2022-04-08 18:00:42 +0200
commit: 08c14fa6370bdf986476477075d43b4bcc0d26aa (patch)
tree: 88fbc4a648e92617a2b7d33ac017b30b3695a53e /extensions
parent: 24fff5d7de02ac4dcd288565f1527028a797fad5 (diff)
1 files changed, 4 insertions, 1 deletions
diff --git a/extensions/libxt_DNAT.man b/extensions/libxt_DNAT.man
index c3daea9a..e044c821 100644
--- a/extensions/libxt_DNAT.man
+++ b/extensions/libxt_DNAT.man
@@ -10,7 +10,7 @@ should be modified (and all future packets in this connection will
 also be mangled), and rules should cease being examined.  It takes the
 following options:
 .TP
-\fB\-\-to\-destination\fP [\fIipaddr\fP[\fB\-\fP\fIipaddr\fP]][\fB:\fP\fIport\fP[\fB\-\fP\fIport\fP]]
+\fB\-\-to\-destination\fP [\fIipaddr\fP[\fB\-\fP\fIipaddr\fP]][\fB:\fP\fIport\fP[\fB\-\fP\fIport\fP[\fB/\fIbaseport\fP]]]
 which can specify a single new destination IP address, an inclusive
 range of IP addresses. Optionally a port range,
 if the rule also specifies one of the following protocols:
@@ -18,6 +18,9 @@ if the rule also specifies one of the following protocols:
 If no port range is specified, then the destination port will never be
 modified. If no IP address is specified then only the destination port
 will be modified.
+If \fBbaseport\fP is given, the difference of the original destination port and
+its value is used as offset into the mapping port range. This allows to create
+shifted portmap ranges and is available since kernel version 4.18.
 .TP
 \fB\-\-random\fP
 If option
author	Phil Sutter <phil@nwl.cc>	2022-01-12 02:06:38 +0100
committer	Phil Sutter <phil@nwl.cc>	2022-04-08 18:00:42 +0200
commit	08c14fa6370bdf986476477075d43b4bcc0d26aa (patch)
tree	88fbc4a648e92617a2b7d33ac017b30b3695a53e /extensions
parent	24fff5d7de02ac4dcd288565f1527028a797fad5 (diff)