[SLUG] SNAT and Masquerading

2006-11-30 Thread Peter Hardy

John Clarke wrote:

> I should have also said that if the dual-homed host has a static address
> on eth1 then you should use SNAT instead of MASQUERADE:
>
> iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth1 -j SNAT \
>     --to-source 10.0.0.1


Something that I've always wondered about, but never taken the time to 
investigate: why is SNAT preferable to MASQUERADE?


--
Pete
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html


Re: [SLUG] SNAT and Masquerading

2006-11-30 Thread Zhasper

http://lists.debian.org/debian-firewall/2002/02/msg00020.html

MASQUERADE is intended for use with dynamic addresses. The other
thing that it does differently is that if the link goes down, entries in
the nat table will be dropped with MASQUERADE. If you're using SNAT, the
entries stay in the table in case the link comes back up momentarily.
This makes sense for MASQUERADE, because when the link comes back up,
the address will (could) be different anyway, so the connections won't
ever be resumed.


On 12/1/06, Peter Hardy wrote:

> John Clarke wrote:
> > I should have also said that if the dual-homed host has a static address
> > on eth1 then you should use SNAT instead of MASQUERADE:
> >
> > iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth1 -j SNAT \
> >     --to-source 10.0.0.1
>
> Something that I've always wondered about, but never taken the time to
> investigate: why is SNAT preferable to MASQUERADE?
>
> --
> Pete
--
There is nothing more worthy of contempt than a man who quotes himself
- Zhasper, 2004
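
As an added example (not part of the thread or any poster's own code), the shell function below applies the rule of thumb from this thread: it prints an SNAT rule when the outbound interface holds a static address and a MASQUERADE rule when the address is DHCP-assigned. The function name nat_rule, the sample lines, and the use of the "dynamic" flag in "ip -o -4 addr show" output as the test for a dynamic address are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. It only prints the rule; it never runs iptables.
# Assumption: a DHCP-assigned address carries the "dynamic" flag in
# `ip -o -4 addr show dev IFACE` output. Other dynamic links (PPP, for
# example) may not show it and have to be treated as dynamic by hand.

# nat_rule LAN_CIDR IFACE IP_ADDR_LINE
# Prints the iptables command to use; returns 1 if the line has no IPv4 address.
nat_rule() {
    lan=$1 iface=$2 line=$3
    # Take the field after "inet" and drop the /prefix length.
    addr=$(printf '%s\n' "$line" | awk '{
        for (i = 1; i < NF; i++)
            if ($i == "inet") { split($(i + 1), a, "/"); print a[1]; exit }
    }')
    [ -n "$addr" ] || return 1
    case " $line " in
        *" dynamic "*)
            # Address can change: let the kernel pick it per packet, and let
            # NAT entries be dropped when the link goes down.
            printf 'iptables -t nat -A POSTROUTING -s %s -o %s -j MASQUERADE\n' \
                "$lan" "$iface" ;;
        *)
            # Static address: pin it, so entries survive a brief link flap.
            printf 'iptables -t nat -A POSTROUTING -s %s -o %s -j SNAT --to-source %s\n' \
                "$lan" "$iface" "$addr" ;;
    esac
}

# Constructed sample lines in the format of `ip -o -4 addr show dev eth1`.
STATIC_LINE='3: eth1    inet 10.0.0.1/24 brd 10.0.0.255 scope global eth1\       valid_lft forever preferred_lft forever'
DHCP_LINE='3: eth1    inet 203.0.113.57/24 brd 203.0.113.255 scope global dynamic eth1\       valid_lft 86012sec preferred_lft 86012sec'

nat_rule 192.168.0.0/24 eth1 "$STATIC_LINE"
nat_rule 192.168.0.0/24 eth1 "$DHCP_LINE"
```

On a live host the third argument would come from "ip -o -4 addr show dev eth1"; keeping both -s and -o in the rule limits translation to the internal network leaving by that one interface.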