Red Hat Enterprise Linux 5 Administration Unleashed

Using IPTables Target Extensions 499SNATModify the source address of the packet and all new packets from the same connection.Do not process any more rules. Must be used in combination with the nattable in the POSTROUTING chain.--to-source -:-Define a new source IP or a range for the new source IP. Optionally, provide aport range, which can only be used with -p tcp or -p udp. If a port range is notdefined, ports below 512 are changed to ports below 512, ports from 512 to 1023are mapped to ports below 1024, and all other ports are mapped to port 1024and above.TARPITWithout using local per-connection resources, capture and hold incoming TCPconnections. After connections are accepted, they are instantly changed to thepersist state so the remote side stops sending data but continues requests every60 to 240 seconds. Requests to close the connection are not accepted, whichcauses the connection to time out in 12 to 24 minutes.24TCPMSSUsed to control the maximum connection size. Alter the MSS value of TCP SYNpackets. Only valid with -p tcp in the mangle table.--set-mss Set MSS to defined value.--clamp-mss-to-pmtuClamp MSS value to 40 less than path_MTU.TOSSet the 8-bit TOS field in IP header. Only works with the mangle table.--set-tos Numerical value of TOS to use or the TOS name. Use the iptables -j TOS -hcommand to retrieve a list of TOS names.TRACEEnable packet tracing for packets that match the rule.TTLChange the IP version 4 TTL (Time To Live) header field, which defines how manytimes a packet can be re-routed before its time to live expires. Must be used inconjunction with the mangle table. Dangerous. Use with extreme caution.--ttl-set