Extend the description of ports to cover ranges and shifted ranges, and add an example of the latter.

Signed-off-by: Jeremy Sowden <jeremy@xxxxxxxxxx>
---
 doc/statements.txt | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/doc/statements.txt b/doc/statements.txt
index b2794bcd6821..3dd3b98b6cb1 100644
--- a/doc/statements.txt
+++ b/doc/statements.txt
@@ -362,7 +362,7 @@ ____
 *redirect* [*to :*'PORT_SPEC'] ['FLAGS']
 
 'ADDR_SPEC' := 'address' | 'address' *-* 'address'
-'PORT_SPEC' := 'port' | 'port' *-* 'port'
+'PORT_SPEC' := 'port' | 'port' *-* 'port' | 'port' *-* 'port' */* 'port'
 
 'FLAGS' := 'FLAG' [*,* 'FLAGS']
 'FLAG' := *persistent* | *random* | *fully-random*
@@ -405,7 +405,10 @@ You may specify a mapping to relate a list of tuples composed of arbitrary
 expression key with address value. |
 ipv4_addr, ipv6_addr, e.g. abcd::1234, or you can use a mapping, e.g. meta mark map { 10 : 192.168.1.2, 20 : 192.168.1.3 }
 |port|
-Specifies that the source/destination port of the packet should be modified. |
+Specifies that the source/destination port of the packet should be modified. If
+a range is given, the new port will be chosen from within that range. If a base
+offset is also given, the offset of the new port in the range will match the
+offset of the old port from the specified base.|
 port number (16 bit)
 |===============================
 
@@ -437,6 +440,10 @@ add rule nat postrouting oif eth0 snat to 1.2.3.4
 # redirect all traffic entering via eth0 to destination address 192.168.1.120
 add rule nat prerouting iif eth0 dnat to 192.168.1.120
 
+# redirect all traffic for address 10.0.0.1 and ports 2000-3000 to destination
+# address 10.10.0.1 and the port at the matching offset in 12000-13000
+add rule nat prerouting ip daddr 10.0.0.1 tcp dport 2000-3000 dnat to 10.10.0.1:12000-13000/2000
+
 # translate source addresses of all packets leaving via eth0 to whatever
 # locally generated packets would use as source to reach the same destination
 add rule nat postrouting oif eth0 masquerade
-- 
2.39.2