--- "Dileep M. Kumar" dileep@gmx.net wrote:
On Tue, Jun 15, 2004 at 09:52:07PM -0700, Animesh Singh wrote:
/sbin/iptables -t nat -A POSTROUTING -o eth0 -j
MASQUERADE
Instead of MASQUERADE use SNAT. IAC, MASQUERADE is meant for non static ips like dialup, dhcp etc.
<snip> MASQUERADE is intended for use with dynamic addresses. The other thing that it does differently is that if the link goes down, entries in the nat table will be dropped with MASQUERADE. If you're using SNAT, the entries stay in the table in case the link comes back up momentarily. This makes sense for MASQUERADE, because when the link comes back up, the address will (could) be different anyway, so the connections won't ever be resumed.
SNAT use more overhead, since it seeks the external IP every time a chain is traversed.
Regards, Animesh.
__________________________________ Do you Yahoo!? New and Improved Yahoo! Mail - Send 10MB messages! http://promotions.yahoo.com/new_mail