* Differences between MASQ and SNAT
@ 2004-02-09 12:42 Jimmy Hedman
  2004-02-10  1:04   ` Henrik Nordstrom
  0 siblings, 1 reply; 3+ messages in thread
From: Jimmy Hedman @ 2004-02-09 12:42 UTC (permalink / raw)
  To: Netfilter Mailing List; +Cc: netfilter-devel

Hi,
What are the REAL differences between MASQ and SNAT? I've had a problem
where it didn't work with SNAT but it did work with MASQ...
The setup was two firewalls (A and B) with an IPsec tunnel between them
and another VPN onward from B. The old setup was to masquerade all
the traffic from site A, even the traffic out on the VPN between FW A
and FW B. Due to some other changes I had to remove the masquerade for
the traffic over the VPN and do SNAT on FW B instead. This worked for
everything but one machine. If I turned on MASQ for that machine on FW A
everything worked again, which made me puzzled about what MASQ is doing that
SNAT isn't.

So, does MASQ do anything that SNAT doesn't in the form of changing the
header or such? Or should I find the answer in the Windows machine that
was putting up the fight?

// Jimmy



-- 
Jimmy Hedman                       South Pole AB
Phone:  +46 8 51420420             Gelbjutarvägen 5
Fax:    +46 8 51420429             SE - 17148 Solna 
e-mail: jimmy.hedman@southpole.se  www.southpole.se




* Re: Differences between MASQ and SNAT
  2004-02-09 12:42 Differences between MASQ and SNAT Jimmy Hedman
@ 2004-02-10  1:04   ` Henrik Nordstrom
  0 siblings, 0 replies; 3+ messages in thread
From: Henrik Nordstrom @ 2004-02-10  1:04 UTC (permalink / raw)
  To: Jimmy Hedman; +Cc: Netfilter Mailing List, netfilter-devel

On Mon, 9 Feb 2004, Jimmy Hedman wrote:

> What are the REAL differences between MASQ and SNAT?

MASQ kills the connections when the IP address of the interface changes,
SNAT does not.

MASQ is limited in what kind of NAT transform it can perform. SNAT gives
some more freedom in what addresses are used for the NAT.

Other than this the two are supposed to be the same, and I do not see how
they can be any different as all the targets do is to set up the NAT
transform. The actual NAT is always the same.

Regards
Henrik
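
The two targets compared in the reply above, as an added example that is not part of the thread: a firewall script fragment that exempts tunnel traffic from NAT and then installs either MASQUERADE or SNAT. The interface name, the networks (documentation ranges) and the function names are assumptions; set IPT=echo for a dry run.

```shell
#!/bin/sh
# Added example, not from the thread. Interface name and all addresses are
# assumptions (RFC 5737 documentation ranges); adjust before real use.
IPT="${IPT:-iptables}"                   # command used to install rules
WAN_IF="${WAN_IF:-eth0}"                 # assumed external interface
LAN_NET="${LAN_NET:-192.0.2.0/24}"       # assumed internal network
VPN_NET="${VPN_NET:-198.51.100.0/24}"    # assumed network reached via the tunnel

# Leave tunnel-bound traffic un-NATed: ACCEPT in nat/POSTROUTING ends rule
# traversal for the connection, so no later NAT rule rewrites it.
nat_exempt_vpn() {
    $IPT -t nat -A POSTROUTING -s "$LAN_NET" -d "$VPN_NET" -j ACCEPT
}

# MASQUERADE: no address argument. The source becomes whatever address
# WAN_IF holds when the connection is set up, and tracked connections are
# dropped if the interface goes down or its address changes (dynamic links).
nat_masquerade() {
    $IPT -t nat -A POSTROUTING -s "$LAN_NET" -o "$WAN_IF" -j MASQUERADE
}

# SNAT: the address (or a range a.b.c.d-a.b.c.e) is pinned in the rule, and
# existing mappings are kept regardless of interface address changes.
nat_snat() {
    $IPT -t nat -A POSTROUTING -s "$LAN_NET" -o "$WAN_IF" -j SNAT --to-source "$1"
}

# build_nat masquerade | build_nat snat <address-or-range>
# Arguments are validated before any rule is installed.
build_nat() {
    case "${1:-}" in
        masquerade) nat_exempt_vpn && nat_masquerade ;;
        snat) [ -n "${2:-}" ] || { echo "snat needs an address" >&2; return 2; }
              nat_exempt_vpn && nat_snat "$2" ;;
        *) echo "usage: build_nat masquerade | snat <addr[-addr]>" >&2
           return 2 ;;
    esac
}

# Only touch the live ruleset when asked to: ./nat.sh apply snat 203.0.113.10
if [ "${1:-}" = "apply" ]; then
    shift
    build_nat "$@"
fi
```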


