from the iptables man page, for both SNAT and DNAT targets, we have the (similar) excerpts:

    --to-{source|destination} ipaddr[-ipaddr][:port-port]

    which can specify a single new {source|destination} address, an inclusive range of IP addresses, and optionally, a port range (which is only valid if the rule also specified -p tcp or -p udp)

so, what part of that requires the protocol specifier? having a range of IP addresses? or just having a port range? or both? it's somewhat ambiguously worded.

rday
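In iptables itself the "(which is only valid if ...)" clause attaches to the port part alone: an address range in --to-source/--to-destination is accepted with any protocol (or none), while a port or port range is rejected unless the rule carries -p tcp or -p udp (current releases also allow sctp and dccp there). The checker below is an added example, not code from the original post or from the iptables project; it parses a rule the way the man page syntax ipaddr[-ipaddr][:port-port] describes and reports whether the --to-* part would be accepted. The rule strings it is run on use constructed 192.0.2.0/24 documentation addresses.

```shell
#!/bin/sh
# Added example: a small POSIX-sh checker that mirrors the constraint the
# SNAT/DNAT targets enforce. A port (or port range) in --to-source /
# --to-destination needs -p tcp or -p udp; an address range alone does not.
#
# check_nat_rule "<rule text>"
#   returns 0 if iptables would accept the --to-* part,
#           1 if it would reject it for a missing tcp/udp protocol,
#           2 if the rule has no --to-source/--to-destination at all.
check_nat_rule() {
    rule=$1
    proto=""
    target=""
    # Walk the rule tokens and pick out -p and the --to-* value.
    set -- $rule
    while [ $# -gt 0 ]; do
        case $1 in
            -p|--protocol) proto=$2; shift ;;
            --to-source|--to-destination) target=$2; shift ;;
        esac
        shift
    done
    if [ -z "$target" ]; then
        echo "no --to-source/--to-destination in rule" >&2
        return 2
    fi
    # Split "ipaddr[-ipaddr][:port[-port]]" at the first colon. This covers the
    # IPv4 form quoted from the man page; the address part may be a range.
    addrs=${target%%:*}
    ports=""
    case $target in
        *:*) ports=${target#*:} ;;
    esac
    if [ -n "$ports" ]; then
        case $proto in
            tcp|udp)
                echo "ok: port spec '$ports' with -p $proto (addresses: $addrs)"
                return 0 ;;
            *)
                echo "reject: port spec '$ports' requires -p tcp or -p udp" >&2
                return 1 ;;
        esac
    fi
    echo "ok: address spec '$addrs' needs no protocol"
    return 0
}

# Constructed sample rules (192.0.2.0/24 is a documentation range).
check_nat_rule "-t nat -A POSTROUTING -o eth0 -j SNAT --to-source 192.0.2.10-192.0.2.20"
check_nat_rule "-t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 192.0.2.10:8080"
check_nat_rule "-t nat -A PREROUTING -j DNAT --to-destination 192.0.2.10:8080-8090" || true
```

The first two rules pass (address range without a protocol; port with -p tcp), the third is the case the man page clause forbids: a port range with no protocol match, which the real iptables rejects with an error about needing a protocol with a port specification.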