Re: SNAT

Payal Rathod wrote:
Hi,
While reading man page of iptables I stumbled in MASQUERADE section,

| This target is only valid in the nat table, in the POSTROUTING chain.
| It should only be used with dynamically assigned IP (dialup) connections:
| if you have a static IP address, you should use the SNAT target.

Can someone explain please why this is not valid when I am using a
permanent connection terminating at say eth0 and also a small example
on how SNAT can be used in the place?

Thanks a lot in advance.
With warm regards,
Payal

It is indeed valid, it is just slower than SNAT. MASQUERADE must look up the address for each packet it alters (or so I believe). That is why it can be used on connections which do not have a static IP address. If one has a static IP address, one can save the overhead by using SNAT.

You'll find an excellent tutorial by Oskar Andreasson at http://www.netfilter.org in the tutorials section. You can also find a training slide show in the training section at http://iscs.sourceforge.net. Good luck - John
--
John A. Sullivan III
Chief Technology Officer
Nexus Management
+1 207-985-7880
john.sullivan@xxxxxxxxxxxxx
---
If you are interested in helping to develop a GPL enterprise class
VPN/Firewall/Security device management console, please visit
http://iscs.sourceforge.net


