[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: SNAT or MASQUERADE?



On Sun, Dec 02, 2001 at 05:05:04PM +1000, mdevin@ozemail.com.au wrote:
> I just found this in the NAT-Howto:
> ----- snip ------
> There is a specialized case of Source NAT called masquerading: it should
> only be used for dynamically-assigned IP addresses, such as standard
> dialups (for static IP addresses, use SNAT above). 
> 
> You don't need to put in the source address explicitly with
> masquerading: it will use the source address of the interface the packet
> is going out from.  But more importantly, if the link goes down, the
> connections (which are now lost anyway) are forgotten, meaning fewer
> glitches when connection comes back up with a new IP address.
> ----- snip ------
> 

	Glad you found this as I just got home and after reading the inital
post wonder'd if someone else was gonna mention this... If you have a 
dynamic IP and want the script to work no matter what you use MASQUERADE
and don't specify the IP to masq as... On the other hand if you have static
addresses that won't change then SNAT is great... 

	One drawback of masquerading over SNAT is you can't use DNAT with
masquerading... Then again without static addresses DNAT really doesn't 
make much sense...

	Jeremy





Reply to: