RE: SNAT vs MASQUERADE ... RE: ftp conntrack - nat problem


 




> -----Original Message-----
> From: netfilter-bounces@xxxxxxxxxxxxxxxxxxx
> [mailto:netfilter-bounces@xxxxxxxxxxxxxxxxxxx]On Behalf Of /dev/rob0
> Sent: Wednesday, November 09, 2005 10:52 AM
> To: netfilter@xxxxxxxxxxxxxxxxxxx
> Subject: Re: SNAT vs MASQUERADE ... RE: ftp conntrack - nat problem
> 
> 
> On Wednesday 2005-November-09 09:23, Pablo Sanchez wrote:
> > When you say the SNAT target is better.  Can you quantify 'better?' 
> > Are there any functional limitations overcome by SNAT over the
> > MASQUERADE target?
> 
> Ooooh, I was afraid someone might ask that. 

:)

> I think one benefit of SNAT is 
> that a SNAT'ed TCP connection can survive a router reset. That's 
> important to me, because sometimes I leave ssh sessions open for weeks 
> at a time.

I just switched from the SNAT to the MASQUERADE target and so far (knock on wood - my head in this case!) I haven't seen an issue with router resets.

I'm very curious to know if there are any differences (aside from knowing the IP ahead of time versus not).

Cheers,
-pablo



