evg@evg ~ $man 8 iptables|colcrt|egrep -A20 '^...SNAT'
   SNAT
       This target is only valid in the nat table, in the POSTROUTING chain.
       It specifies that the source address of the packet should be modified
       (and all future packets in this connection will also be mangled), and
       rules should cease being examined. It takes one type of option:

       --to-source ipaddr[-ipaddr][:port[-port]]
                   ------  ------   ----  ----
              which can specify a single new source IP address, an inclusive
              range of IP addresses, and optionally, a port range (which is
              only valid if the rule also specifies -p tcp or -p udp). If no
              port range is specified, then source ports below 512 will be
              mapped to other ports below 512: those between 512 and 1023
              inclusive will be mapped to ports below 1024, and other ports
              will be mapped to 1024 or above. Where possible, no port alter‐
              ation will

              In Kernels up to 2.6.10, you can add several --to-source
              options. For those kernels, if you specify more than one source
              address, either via an address range or multiple --to-source
              options, a simple round-robin (one after another in cycle) takes
evg@evg ~ $rpm -qf /usr/share/man/man8/iptables.8.bz2
iptables-1.4.10-alt1

As can be seen, the sentence ("no port alteration will") breaks off in the middle. It looks like a generation error.
iptables-1.4.13-alt1 -> sisyphus:

* Fri May 25 2012 Dmitry V. Levin <ldv@altlinux> 1.4.13-alt1
- Updated to v1.4.13-6-gc022454 (closes: #26540, #27208).
- Moved shared libraries to libiptables subpackage.
- Renamed iptables-devel subpackage to libiptables-devel.
- Merged most of IPv6 support files to the main subpackage.
- Dropped libiptc.so.0, turned libiptc.so into a linker script.
OK.