[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

iptables: SNAT vs MASQUERADE

I'm trying to figure out some things about using MASQUERADE instead of
SNAT.  I have made some assumptions below, please correct me if I'm

1) What is the benefit of doing it this way -- not having to specify the
external IP?  If so, I guess it gets the IP from inside the kernel, like
you would normally grep 'inet addr' out of ifconfig.  Does that mean the
firewall doesn't have to be run every time the DHCP changes?

2) The docs say this will use more overhead than SNAT, since it seeks
the external IP every time a chain is traversed.  How much more
intensive is it?  Will a 486/66 with 24MB be enough for 5 LAN users?

3)  Are there any security implications using MASQUERADE instead of SNAT
(less/more secure)?

Thanks in advance,

Jeff Bonner

Reply to: