On Tuesday 02 July 2002 22:18, Antony Stone wrote: > On Tuesday 02 July 2002 9:13 pm, Jan Humme wrote: > > Ain't this what masquerading is all about? > > > > # iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE > > Are you asking about the difference between MASQUERADE and SNAT ?
No, I just wanted to point out that masquerading provides an easy way to get the desired results. > If so, the answer's not a lot, except: > > 1. MASQUERADE checks the address of the interface for each packet it > translates, therefore it's better for interfaces with dynamic addresses. > > 2. MASQUERADE checks the address of the interface for each packet it > translates, therefore it's slightly less efficient for interfaces with > static addresses. Hey! I didn't realize that, thank you. On the other hand, taking into consideration the elegance of a one-line masquerading rule (one test) vs. your 4-line solution (more tests), would you still argue that a masquerading solution is less efficient? Jan Humme.
