On Tuesday 02 July 2002 9:47 pm, Jan Humme wrote: > On Tuesday 02 July 2002 22:18, Antony Stone wrote: > > On Tuesday 02 July 2002 9:13 pm, Jan Humme wrote: > > > Ain't this what masquerading is all about? > > > > > > # iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE > > > > 1. MASQUERADE checks the address of the interface for each packet it > > translates, therefore it's better for interfaces with dynamic addresses. > > > > 2. MASQUERADE checks the address of the interface for each packet it > > translates, therefore it's slightly less efficient for interfaces with > > static addresses. > > On the other hand, taking into consideration the elegance of a one-line > masquerading rule (one test) vs. your 4-line solution (more tests), would > you still argue that a masquerading solution is less efficient?
Masquerading is slightly less efficient for every single packet which goes through the machine. Anyway, the masquerading rule only substitutes for the SNAT rule - the other three I proposed are still needed. Antony
