On Fri, Oct 29, 2010 at 11:50 AM, Steve Holdoway <[email protected]> wrote:
> It's generally regarded that SNAT should be used in preference to
> MASQUERADE as it has a memory - so it's safe to quickly
> disconnect/reconnect cables, etc.

SNAT (static NAT) probably should be used where you are building a tightly controlled network, as all packets matching the criteria you specify will end up with the exact source IP that you specify. As you say, MASQUERADE will drop *all* state if the interface goes down, even briefly.

However, MASQ doesn't need you to specify any additional settings, and is therefore quite 'user friendly' while debugging problems. You don't have to know the address of your outbound interface, which is valuable in situations where DHCP may have been allocating addresses.

In a virtual environment, you're unlikely to be downing interfaces, and the "smallest config that works" is a useful thing in its own right. However, the difference is worth mentioning, thanks.

-jim

_______________________________________________
Linux-users mailing list
[email protected]
http://lists.canterbury.ac.nz/mailman/listinfo/linux-users
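
The trade-off discussed in this message, as an added example that is not part of the original email: a shell function that reads the one-line output of `ip -o -4 addr show dev IFACE` and emits a SNAT rule when the address looks fixed, or a MASQUERADE rule when it looks DHCP-assigned or is missing. The function name `nat_rule`, the interface names and the addresses are constructed for illustration, and treating the `dynamic` flag in `ip` output as a sign of a DHCP lease is an assumption (not every DHCP client sets it).

```shell
#!/bin/sh
# Added example: pick SNAT or MASQUERADE for an outbound interface.
# Nothing here touches the firewall; the function only prints the rule.

# Constructed sample lines in `ip -o -4 addr show dev IFACE` format
# (documentation addresses, not taken from the thread).
SAMPLE_STATIC='2: eth0    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth0\       valid_lft forever preferred_lft forever'
SAMPLE_DHCP='3: eth1    inet 198.51.100.23/24 brd 198.51.100.255 scope global dynamic eth1\       valid_lft 86000sec preferred_lft 86000sec'

# nat_rule IFACE "IP_ADDR_LINE" -> prints the iptables command to use.
nat_rule() {
    iface=$1
    line=$2

    # The field after "inet" is ADDRESS/PREFIX; keep only the address.
    addr=$(printf '%s\n' "$line" | awk '{
        for (i = 1; i < NF; i++)
            if ($i == "inet") { split($(i + 1), a, "/"); print a[1]; exit }
    }')

    # Assumption: "dynamic" marks an address with a finite lifetime,
    # which is how many DHCP clients install their lease.
    case " $line " in
        *" dynamic "*) dynamic=yes ;;
        *)             dynamic=no ;;
    esac

    if [ -n "$addr" ] && [ "$dynamic" = no ]; then
        # Known, fixed address: pin the source IP explicitly.
        printf 'iptables -t nat -A POSTROUTING -o %s -j SNAT --to-source %s\n' \
            "$iface" "$addr"
    else
        # Address may change or is not known yet: let the kernel pick it.
        printf 'iptables -t nat -A POSTROUTING -o %s -j MASQUERADE\n' "$iface"
    fi
}

nat_rule eth0 "$SAMPLE_STATIC"
nat_rule eth1 "$SAMPLE_DHCP"
nat_rule eth2 ""    # interface with no IPv4 address yet
```

On a live host the second argument would be `"$(ip -o -4 addr show dev eth0)"`, and the printed command would be reviewed before being run as root.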
