Re: -j MASQUERADE

[Chris Hoeschen]

I am not really sure what the masq does different but I only can assume it will look to see what you current IP address is first and then SNAT with that.  This can take more time/processes if you have a lot of traffic and is needless if your internet IP address never changes.  To use the SNAT rule just replace the -j MASQUERADE with -j SNAT --to-source $EXT_IP   Also looking at your command if you only want one IP address you don't need to specify the mask just the IP address.  Also if you change it to -s 192.168.0.0/24 it will allow any source address from 192.168.0.x.   iptables -t nat -A POSTROUTING -s 192.168.0.2/255.255.255.255 -o eth0 -j MASQUERADE" ----- Original Message ----- From: Markus Sj�str�m To: [EMAIL PROTECTED] Sent: Friday, May 03, 2002 10:05 AM Subject: -j MASQUERADE i've set my NAT up and everything is working good.   i was adviced by a friend (quite experienced with linux) to use the -j MASQUERADE command. but the howto says i should use SNAT instead if i have a static ip.   i write the following command to get my NAT to work:   "iptables -t nat -A POSTROUTING -s 192.168.0.2/255.255.255.255 -o eth0 -j MASQUERADE"   I would like to what the -j MASQUERADE does if i have a static ip, can something go wrong? Please make me smarter! :-)   Regards Markus