From: "John A. Sullivan III" <John.Sullivan@nexusmgmt.com>
To: Payal Rathod <payalrathod@gmail.com>
Cc: netfilter@lists.netfilter.org
Subject: Re: SNAT
Date: Fri, 09 Jul 2004 00:58:33 -0400 [thread overview]
Message-ID: <40EE25F9.2010806@nexusmgmt.com> (raw)
In-Reply-To: <f51b72bc04070820577fd223df@mail.gmail.com>
Payal Rathod wrote:
> Hi,
> While reading man page of iptables I stumbled in MASQUERADE section,
>
> | This target is only valid in the nat table, in the POSTROUTING chain.
> | It should only be used with dynamically assigned IP (dialup) connec-
> | tions: if you have a static IP address, you should use the SNAT target.
>
> Can someone explain please why this is not valid when I am using a
> permanent conneciton terminating at say eth0 and also a small example
> on how SNAT can be used in the place?
>
> Thanks a lot in advance.
> With warm regards,
> Payal
It is indeed valid, it is just slower than SNAT. MASQUERADE must look
up the address for each packet it alters (or so I believe). That is why
it can be used on connections which do not have a static IP address. If
one has a static IP address, one can save the overhead by using SNAT.
You'll find an excellent tutorial by Oskar Andreasson at
http://www.netfilter.org in the tutorials section. You can also find a
training slide show in the training section at
http://iscs.sourceforge.net. Good luck - John
--
John A. Sullivan III
Chief Technology Officer
Nexus Management
+1 207-985-7880
john.sullivan@nexusmgmt.com
---
If you are interested in helping to develop a GPL enterprise class
VPN/Firewall/Security device management console, please visit
http://iscs.sourceforge.net
next prev parent reply other threads:[~2004-07-09 4:58 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-07-09 3:57 SNAT Payal Rathod
2004-07-09 4:58 ` John A. Sullivan III [this message]
-- strict thread matches above, loose matches on Subject: below --
2012-02-22 2:04 SNAT cc
2012-02-22 7:47 ` SNAT SamLT
2007-10-09 18:47 SNAT Chad Eldridge
2007-10-09 19:47 ` SNAT Grant Taylor
2005-05-02 15:32 snat Marco Berizzi
2005-05-02 15:53 ` snat Jason Opperisano
2005-05-03 13:58 ` snat Marco Berizzi
2005-05-02 16:07 ` snat Taylor, Grant
2005-05-02 16:14 ` snat Jason Opperisano
2005-05-02 2:52 ` snat Ken Hilliard
2005-05-02 18:04 ` snat Charlie Brady
2005-05-02 18:06 ` snat Jason Opperisano
2005-05-02 3:14 ` snat Ken Hilliard
2003-07-08 0:21 SNAT David Busby
2003-04-25 17:45 SNAT Andy Wood
2003-04-03 18:34 SNAT Daniel Chemko
2003-04-06 10:52 ` SNAT Rio Martin.
2003-04-06 21:49 ` SNAT Daniel Chemko
[not found] <20030403102302.5858.91445.Mailman@kashyyyk>
2003-04-03 10:29 ` SNAT Rio Martin.
2002-11-13 11:21 SNAT Rob Sterenborg
2002-11-13 13:26 ` SNAT Breno Cardoso Perucchi
2002-11-13 13:48 ` SNAT Rob Sterenborg
2002-11-13 16:33 ` SNAT Luis Fernando Barrera
2002-11-12 18:38 MS Messenger Aaron Clausen
2002-11-12 19:53 ` SNAT Breno Cardoso Perucchi
2002-11-12 21:01 ` SNAT Rob Sterenborg
2002-11-12 21:29 ` SNAT Antony Stone
2002-11-12 21:47 ` SNAT Luis Fernando Barrera
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=40EE25F9.2010806@nexusmgmt.com \
--to=john.sullivan@nexusmgmt.com \
--cc=netfilter@lists.netfilter.org \
--cc=payalrathod@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.