Re: iptables questions

On Mon 17/11/2003 at 15:18, Antony Stone wrote:
> My understanding is that SNAT is marginally more efficient than MASQUERADE 
> because the address to be substituted is fixed in the SNAT rule, whereas 
> with MASQUERADE the rule needs to look up the address of the interface before 
> it knows what to replace into the packet.

There's another advantage in using SNAT instead of MASQUERADE. When you
use MASQUERADE, NATed connections are bound to the output interface. If it
goes down, all these connections will get flushed. With SNAT, there's
no interface dependency of this kind.

At home, I have PPPoE DSL access. When I had a dynamic IP, I was
setting the SNAT rule using the pppd ip-up script. So when the PPP link goes up
and down, I don't lose my current connections. I used to lose them
using MASQUERADE.

-- 
http://www.netexit.com/~sid/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
>> Hi! I'm your friendly neighbourhood signature virus.
>> Copy me to your signature file and help me spread! 
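
The ip-up approach described in the message above, as an added example that is not part of the original post: a pppd ip-up hook that swaps the SNAT rule over to the newly negotiated address. The state-file location, the function names and the `IPTABLES`/`STATE_DIR` variables are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: pppd ip-up hook that pins SNAT
# to the address just negotiated. pppd calls ip-up with the arguments:
#   interface-name tty-device speed local-IP remote-IP ipparam
IPTABLES="${IPTABLES:-iptables}"
STATE_DIR="${STATE_DIR:-/var/run}"   # assumed place to remember the last address

# Succeed only for a dotted quad whose four octets are each 0..255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Rule specification shared by the -A and -D calls so they always match.
snat_spec() {   # $1 = interface, $2 = source address
    printf '%s' "-o $1 -j SNAT --to-source $2"
}

# Drop the rule for the previous address (if any), then add the new one.
update_snat() { # $1 = interface, $2 = new local address
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) echo "bad interface name: $1" >&2; return 1 ;;
    esac
    valid_ipv4 "$2" || { echo "bad address: $2" >&2; return 1; }
    state="$STATE_DIR/snat-$1.addr"
    if [ -r "$state" ]; then
        old=$(cat "$state")
        # The old rule may already be gone (firewall reload): ignore failure.
        $IPTABLES -t nat -D POSTROUTING $(snat_spec "$1" "$old") || true
    fi
    $IPTABLES -t nat -A POSTROUTING $(snat_spec "$1" "$2") &&
        printf '%s\n' "$2" > "$state"
}

# Only act when invoked by pppd with its full argument list.
if [ "$#" -ge 4 ]; then
    update_snat "$1" "$4"
fi
```

Because the rule names a fixed `--to-source` address rather than using MASQUERADE, it has to be replaced whenever the link comes up with a different address, which is what the state file is for.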


