path: root/extensions
diff options
authorMart Frauenlob <>2013-04-10 06:49:57 +0000
committerPablo Neira Ayuso <>2013-05-29 19:27:36 +0200
commit8df3c38438bb75edb480845913af77692c8a5c99 (patch)
tree44094eedf0cd785b28ffbdcb82f37b0abe87c468 /extensions
parentb8646dc9623631db3b71a5c1846566cf54a66a3a (diff)
extensions: libxt_SNAT: rename IPv4 manpage and tell about IPv6 support
This patch renames to thus informing about the IPv6 version. Also the list of valid protocols for port mapping is updated to: tcp, udp, dccp and sctp. Signed-off-by: Mart Frauenlob <> Signed-off-by: Pablo Neira Ayuso <>
Diffstat (limited to 'extensions')
-rw-r--r--extensions/ (renamed from extensions/
1 files changed, 7 insertions, 8 deletions
diff --git a/extensions/ b/extensions/
index 093b09c4..f0620a21 100644
--- a/extensions/
+++ b/extensions/
@@ -7,21 +7,18 @@ and
chains, and user-defined chains which are only called from those
chains. It specifies that the source address of the packet should be
modified (and all future packets in this connection will also be
-mangled), and rules should cease being examined. It takes one type
-of option:
+mangled), and rules should cease being examined. It takes the
+following options:
\fB\-\-to\-source\fP [\fIipaddr\fP[\fB\-\fP\fIipaddr\fP]][\fB:\fP\fIport\fP[\fB\-\fP\fIport\fP]]
which can specify a single new source IP address, an inclusive range
-of IP addresses, and optionally, a port range (which is only valid if
-the rule also specifies
-\fB\-p tcp\fP
-\fB\-p udp\fP).
+of IP addresses. Optionally a port range,
+if the rule also specifies one of the following protocols:
+\fBtcp\fP, \fBudp\fP, \fBdccp\fP or \fBsctp\fP.
If no port range is specified, then source ports below 512 will be
mapped to other ports below 512: those between 512 and 1023 inclusive
will be mapped to ports below 1024, and other ports will be mapped to
1024 or above. Where possible, no port alteration will occur.
In Kernels up to 2.6.10, you can add several \-\-to\-source options. For those
kernels, if you specify more than one source address, either via an address
range or multiple \-\-to\-source options, a simple round-robin (one after another
@@ -44,3 +41,5 @@ Kernels prior to 2.6.36-rc1 don't have the ability to
in the
+IPv6 support available since Linux kernels >= 3.7.