Linux Netfilter discussions
* what it is the better masquerade or SNAT
@ 2002-11-29 21:32 Administrador de Red
  2002-11-30  2:10 ` Joel Newkirk
  2002-11-30  5:14 ` Brandon Broyles
  0 siblings, 2 replies; 3+ messages in thread
From: Administrador de Red @ 2002-11-29 21:32 UTC (permalink / raw)
  To: netfilter

I have a true public IP. I want to do a firewall, but I don't
know which kind I should use, masquerade or SNAT.
Can someone help?

Thanks very much.

Thomas
We are at Calle 20 Numero 4110 % 41 y 47,
Miramar, Playa, Ciudad Habana, Cuba.
Tel: 537(203-01-60) and (202-79-20)
Fax: 537(204-96-64)
Visit us at: http://www.gecyt.cu



* Re: what it is the better masquerade or SNAT
  2002-11-29 21:32 what it is the better masquerade or SNAT Administrador de Red
@ 2002-11-30  2:10 ` Joel Newkirk
  2002-11-30  5:14 ` Brandon Broyles
  1 sibling, 0 replies; 3+ messages in thread
From: Joel Newkirk @ 2002-11-30  2:10 UTC (permalink / raw)
  To: Administrador de Red, netfilter

On Friday 29 November 2002 04:32 pm, Administrador de Red wrote:
> I have a true public IP. I want to do a firewall, but I don't
> know which kind I should use, masquerade or SNAT.
> Can someone help?
>
> Thanks very much.

MASQUERADE is only necessary if the IP is dynamic; with SNAT you must specify 
the IP address to use.  MASQ will work in the same situations as SNAT, but 
incurs more overhead because netfilter will check the IP of the outbound 
interface every time.

In my own setup, my IP is technically dynamic, but in reality it stays static 
for a minimum of several days, usually until I manually reset the ADSL modem, so I 
use SNAT.  The rare times this is a problem I simply restart my firewall 
script, which clips the current IP from an "ifconfig ppp0" and builds rules 
with it.

I can get away with this because usually only myself and my 8-year-old 
actually use the machines on my network, so if my IP changes it wouldn't 
create any real problems except that he couldn't connect to disney.com or 
wherever... :^)  ("DADDY!! I can't get to lego.com!"..."service firewall 
restart"..."Try now...")

j
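
The SNAT-or-MASQUERADE choice discussed in this thread, as an added example (not code from any poster): a POSIX shell script that reads the address from `ifconfig`-style output, the approach the reply above describes for its firewall script, and emits a SNAT rule when a valid address is found or a MASQUERADE rule otherwise. The function names, the sample `ifconfig` output and the documentation-range addresses are constructed for illustration; the script only prints rules and never runs `iptables`.

```shell
#!/bin/sh
# Added example, not code from the thread. Prints rules; never runs iptables.

# Constructed sample of old net-tools "ifconfig ppp0" output
# (addresses from the 203.0.113.0/24 documentation range).
SAMPLE_IFCONFIG='ppp0      Link encap:Point-to-Point Protocol
          inet addr:203.0.113.7  P-t-P:203.0.113.1  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1'

# Read ifconfig-style text on stdin, print the first IPv4 address.
# Accepts "inet addr:A.B.C.D" (old net-tools) and "inet A.B.C.D" (newer).
extract_ipv4() {
    sed -n 's/^[[:space:]]*inet \(addr:\)\{0,1\}\([0-9]\{1,3\}\(\.[0-9]\{1,3\}\)\{3\}\).*/\2/p' |
        head -n 1
}

# Succeed only for a dotted quad with four octets in 0..255, so a failed
# or garbled lookup can never end up inside a rule.
valid_ipv4() {
    ip=$1
    case $ip in
        ''|*[!0-9.]*|.*|*.|*..*|*[0-9][0-9][0-9][0-9]*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $ip
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# Print the POSTROUTING rule for interface $1 and candidate address $2:
# SNAT pinned to a valid address, otherwise MASQUERADE, which leaves the
# address lookup to netfilter.
nat_rule() {
    ifc=$1
    addr=$2
    if valid_ipv4 "$addr"; then
        echo "iptables -t nat -A POSTROUTING -o $ifc -j SNAT --to-source $addr"
    else
        echo "iptables -t nat -A POSTROUTING -o $ifc -j MASQUERADE"
    fi
}

# Stand-alone run on the constructed sample; on a live host feed it
# "ifconfig ppp0" instead.
nat_rule ppp0 "$(printf '%s\n' "$SAMPLE_IFCONFIG" | extract_ipv4)"
```

Falling back to MASQUERADE when no valid address is read keeps outbound NAT working if the script runs before the PPP link is up, instead of installing a rule with an empty or malformed `--to-source`.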




* Re: what it is the better masquerade or SNAT
  2002-11-29 21:32 what it is the better masquerade or SNAT Administrador de Red
  2002-11-30  2:10 ` Joel Newkirk
@ 2002-11-30  5:14 ` Brandon Broyles
  1 sibling, 0 replies; 3+ messages in thread
From: Brandon Broyles @ 2002-11-30  5:14 UTC (permalink / raw)
  To: Administrador de Red; +Cc: netfilter


----- Original Message -----
From: "Administrador de Red" <admin@gecyt.cu>
To: <netfilter@lists.netfilter.org>
Sent: Friday, November 29, 2002 4:32 PM
Subject: what it is the better masquerade or SNAT


> I have a true public IP. I want to do a firewall, but I don't
> know which kind I should use, masquerade or SNAT.
> Can someone help?
>

Using SNAT with a static IP is usually considered better.  Using masquerading
requires more overhead which isn't necessary if you already know what IP you are
going to use.

Brandon Broyles



