I'm trying to figure out some things about using MASQUERADE instead of SNAT. I have made some assumptions below; please correct me if I'm wrong.

1) What is the benefit of doing it this way -- not having to specify the external IP? If so, I guess it gets the IP from inside the kernel, like you would normally grep 'inet addr' out of ifconfig. Does that mean the firewall doesn't have to be run every time the DHCP changes?

2) The docs say this will use more overhead than SNAT, since it seeks the external IP every time a chain is traversed. How much more intensive is it? Will a 486/66 with 24MB be enough for 5 LAN users?

3) Are there any security implications using MASQUERADE instead of SNAT (less/more secure)?

Thanks in advance,
Jeff Bonner

