On Wednesday 2005-November-09 09:23, Pablo Sanchez wrote:
> When you say the SNAT target is better. Can you quantify 'better?'
> Are there any functional limitations overcome by SNAT over the
> MASQUERADE target?

Ooooh, I was afraid someone might ask that. Unfortunately I am only
parroting the party line. From "MASQUERADE" in "man iptables":

   MASQUERADE
       This target is only valid in the nat table, in the POSTROUTING
       chain. It should only be used with dynamically assigned IP
       (dialup) connections: if you have a static IP address, you
       should use the SNAT target.

Perhaps someone else can explain why. I think one benefit of SNAT is
that a SNAT'ed TCP connection can survive a router reset. That's
important to me, because sometimes I leave ssh sessions open for weeks
at a time.
--
mail to this address is discarded unless "/dev/rob0"
or "not-spam" is in Subject: header