Henrik Nordstrom wrote:
On Mon, 22 Nov 2004, Peter Volkov Alexandrovich wrote:
Yes. I think it's a bit excessive to use the ip utility to add an additional
address to the interface and then to use iptables to make DNAT and SNAT to map
the LAN's IP address onto the external internet's IP address.
iptables NAT does not require any additional IP addresses not required
for Route NAT. You only need to add IP addresses if this is your means
to get the surrounding network to route the required packets to the box.
It's much more natural to use two commands with the ip utility and route nat.
Just one direction DNAT (ip route add nat ...) and another direction
SNAT (ip rule add nat ...). Very simple.
iptables NAT is not much different in this respect.
except that it requires the whole conntrack stuff.
iproute2 nat for full NAT is far less cumbersome.