RE: -j MASQUERADE

[Joe Patterson]

The two are functionally equivalent if you have a static ip address.  The difference is that if you MASQERADE the connection, then whenever a connection is made, netfilter takes a few extra processor cycles to look up the ip address of the interface that the connection is going out of.  So using MASQERADE instead of SNAT gives you (very slight) performance hit.  There's really very little difference, but if you happen to have a static IP, there's no reason not to use SNAT.   -Joe -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Markus Sj�str�m Sent: Friday, May 03, 2002 11:06 AM To: [EMAIL PROTECTED] Subject: -j MASQUERADE i've set my NAT up and everything is working good.   i was adviced by a friend (quite experienced with linux) to use the -j MASQUERADE command. but the howto says i should use SNAT instead if i have a static ip.   i write the following command to get my NAT to work:   "iptables -t nat -A POSTROUTING -s 192.168.0.2/255.255.255.255 -o eth0 -j MASQUERADE"   I would like to what the -j MASQUERADE does if i have a static ip, can something go wrong? Please make me smarter! :-)   Regards Markus