Service manual

28 Cyclades ACS 5000 Advanced Console Server Command Reference Guide
user-defined chains which are only called from those chains. Several options control the nature of
the error packet returned.
SNAT (NAT table only, IPv4 only)
This target is only valid in the nat table, in the POSTROUTING chain. It specifies that the source
address of the packet should be modified (and all future packets in this connection are also
mangled) and rules should cease being examined. It takes one option.
DNAT (NAT table only, IPv4 only)
This target is only valid in the nat table, in the PREROUTING and OUTPUT chains and
user-defined chains which are only called from those chains. It specifies that the destination address of
Table 2.16: LOG Extension

LOG extension | Description
--reject-with type | The type given may be icmp-net-unreachable, icmp-host-unreachable, icmp-port-unreachable, icmp-proto-unreachable, icmp-net-prohibited or icmp-host-prohibited, which return the appropriate ICMP error message (port-unreachable is the default). The option echo-reply is also allowed; it may only be used for rules which specify an ICMP ping packet and generates a ping reply. Finally, the option tcp-reset may be used on rules which only match the TCP protocol. This causes a TCP RST packet to be sent back. This is mainly useful for blocking ident probes which frequently occur when sending mail to broken mail hosts (which won't accept your mail otherwise). NOTE: For IPv6 configurations, ICMPv6 types apply (such as icmpv6-net-unreachable).

Table 2.17: SNAT Target

SNAT target | Description
--to-source <ipaddr>[-<ipaddr>][:port-port] | This may specify a single new source IP address, an inclusive range of IP addresses and optionally, a port range (which is only valid if the rule also specifies -p tcp or -p udp). If no port range is specified, then source ports below 1024 are mapped to other ports below 1024. Those between 1024 and 1023 inclusive are mapped to ports below 1024 and other ports are mapped to 1024 or above. Where possible, no port alteration occurs.
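
The table and chain restrictions given above for SNAT and DNAT, the protocol requirement for a --to-source port range, and the TCP-only restriction on tcp-reset can be checked before a rule set is loaded. The following Python lint is an added example, not part of the Cyclades manual; the function names, sample rules and addresses are constructed for illustration.

```python
import shlex

BUILTIN = {"INPUT", "OUTPUT", "FORWARD", "PREROUTING", "POSTROUTING"}
# Chains in which each NAT target is valid, per the descriptions above.
NAT_CHAINS = {"SNAT": {"POSTROUTING"}, "DNAT": {"PREROUTING", "OUTPUT"}}


def parse(rule):
    """Collect option/value pairs from one iptables command line."""
    args = shlex.split(rule)[1:]          # drop the leading "iptables"
    opts = {"-t": "filter"}               # iptables defaults to the filter table
    i = 0
    while i < len(args):
        is_opt = args[i].startswith("-")
        has_value = i + 1 < len(args) and not args[i + 1].startswith("-")
        if is_opt:
            opts[args[i]] = args[i + 1] if has_value else None
        i += 2 if is_opt and has_value else 1
    return opts


def lint_rule(rule):
    """Return the constraint violations found in one rule (empty list if none)."""
    o = parse(rule)
    target, proto = o.get("-j"), o.get("-p")
    chain = o.get("-A") or o.get("-I")
    problems = []
    if target in NAT_CHAINS:
        if o["-t"] != "nat":
            problems.append(f"{target} is only valid in the nat table")
        # User-defined chains are not flagged: they may be called from a valid chain.
        elif chain in BUILTIN and chain not in NAT_CHAINS[target]:
            problems.append(f"{target} is not valid in the {chain} chain")
    if target == "SNAT":
        src = o.get("--to-source")
        if src is None:
            problems.append("SNAT requires --to-source")
        elif ":" in src and proto not in ("tcp", "udp"):
            problems.append("a port range needs -p tcp or -p udp")
    if target == "REJECT" and o.get("--reject-with") == "tcp-reset" and proto != "tcp":
        problems.append("tcp-reset is only valid on rules matching -p tcp")
    return problems


# Constructed sample rules (documentation addresses, not taken from the manual).
RULES = [
    "iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 192.0.2.10",
    "iptables -t nat -A PREROUTING -j SNAT --to-source 192.0.2.10",
    "iptables -t nat -A POSTROUTING -j SNAT --to-source 192.0.2.10:1024-2047",
    "iptables -A INPUT -p udp --dport 113 -j REJECT --reject-with tcp-reset",
]
```

Calling lint_rule on each entry of RULES returns an empty list for the first rule and one message for each of the other three.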