From 08c14fa6370bdf986476477075d43b4bcc0d26aa Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Wed, 12 Jan 2022 02:06:38 +0100 Subject: man: DNAT: Describe shifted port range feature This wasn't mentioned anywhere. Signed-off-by: Phil Sutter --- extensions/libxt_DNAT.man | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'extensions') diff --git a/extensions/libxt_DNAT.man b/extensions/libxt_DNAT.man index c3daea9a..e044c821 100644 --- a/extensions/libxt_DNAT.man +++ b/extensions/libxt_DNAT.man @@ -10,7 +10,7 @@ should be modified (and all future packets in this connection will also be mangled), and rules should cease being examined. It takes the following options: .TP -\fB\-\-to\-destination\fP [\fIipaddr\fP[\fB\-\fP\fIipaddr\fP]][\fB:\fP\fIport\fP[\fB\-\fP\fIport\fP]] +\fB\-\-to\-destination\fP [\fIipaddr\fP[\fB\-\fP\fIipaddr\fP]][\fB:\fP\fIport\fP[\fB\-\fP\fIport\fP[\fB/\fIbaseport\fP]]] which can specify a single new destination IP address, an inclusive range of IP addresses. Optionally a port range, if the rule also specifies one of the following protocols: @@ -18,6 +18,9 @@ if the rule also specifies one of the following protocols: If no port range is specified, then the destination port will never be modified. If no IP address is specified then only the destination port will be modified. +If \fBbaseport\fP is given, the difference of the original destination port and +its value is used as offset into the mapping port range. This allows to create +shifted portmap ranges and is available since kernel version 4.18. .TP \fB\-\-random\fP If option -- cgit v1.2.3