MASQUERADE vs. SNAT
Harald Welte
laforge@gnumonks.org
Wed, 30 May 2001 12:43:44 -0300
On Wed, May 30, 2001 at 01:59:28PM +0200, Alexander W. Janssen wrote:
> Hi,
>
> the practical difference is, that MASQUERADE can only map several ports
> where SNAT can map to IP and ports together.
? There is no difference between MASQUERADE and SNAT, but ...
> Another point is that you assign an interface to the MASQUERADE-target (where
> the actual IP doesn't matter), SNAT uses a specific IP which you have to know
> beforehand (not possible with dynamically assigned IPs).
... this. This is also explained in some of the documents (NAT-HOWTO, if I
remember correctly). In addition, all existing conntrack/nat mappings
are deleted once an interface goes down / comes up, when you use the
MASQUERADE target.
> The deeper difference is afaik that the MASQUERADE-code uses NAT-helpers
> to handle weird protocols like ICQ. I'm not quite sure, but I think that's
> it.
???? MASQUERADE and SNAT don't do too much at all. They just set up a
NAT mapping. Everything else is handled by the NAT core, which is generic
and used for MASQUERADE, SNAT, DNAT, SAME, BALANCE, ...
So there is _no_ difference with regard to NAT helpers.
> Hope I'm not talking complete bullsh*t, I'm always open for useful criticism.
ok :) see above.
> Cheers, Alex.
--
Live long and prosper
- Harald Welte / laforge@gnumonks.org http://www.gnumonks.org
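
Added example, not part of the original message: a small shell helper that prints (does not execute) the POSTROUTING rule for the one case where the two targets differ, namely whether the outgoing address is known beforehand. The names nat_rule and is_ipv4, the interfaces ppp0/eth0 and the address 203.0.113.5 are constructed for illustration.

```shell
#!/bin/sh
# Added example: choose between MASQUERADE and SNAT for an outbound interface.
# The rule is only printed, so this runs without root or iptables installed.

# is_ipv4 ADDR: succeed if ADDR is a dotted quad with every octet in 0-255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.|'') return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# nat_rule IFACE [ADDR]: print the source-NAT rule for traffic leaving IFACE.
nat_rule() {
    iface=$1
    addr=${2:-}
    [ -n "$iface" ] || { echo "usage: nat_rule IFACE [ADDR]" >&2; return 2; }
    if [ -z "$addr" ]; then
        # Address not known beforehand (dynamic link): only the interface is
        # named. Per the message above, mappings made this way are deleted
        # when the interface goes down / comes up.
        echo "iptables -t nat -A POSTROUTING -o $iface -j MASQUERADE"
    elif is_ipv4 "$addr"; then
        # Static address: SNAT needs the specific IP stated in the rule.
        echo "iptables -t nat -A POSTROUTING -o $iface -j SNAT --to-source $addr"
    else
        echo "nat_rule: not an IPv4 address: $addr" >&2
        return 1
    fi
}

# Constructed sample calls: a dial-up link and a statically addressed uplink.
nat_rule ppp0
nat_rule eth0 203.0.113.5
```

Both rules set up the same kind of NAT mapping; connection tracking and the NAT helpers behave identically whichever target is chosen.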