I am trying to figure out which is the best way to do some masquerading of my internal LAN. Now after reading the howtos it seems it is possible to use SNAT or MASQUERADE. The document says you should use MASQUERADE if you are on a dynamic IP address (which I am). However, I can easily determine my IP address for my firewall script and do exactly this anyway. So I would think that either option is open. Also the document says that SNAT is more efficient because it says that MASQUERADE has to look up the IP address _each_ time. So to give some fixed examples: I thought I could use rules like this: INET_IP=`ifconfig $EXT_IF | grep inet | cut -d : -f 2 | cut -d \ -f 1` iptables -t nat -A POSTROUTING -o ppp0 -j SNAT --to-source $INET_IP or I could use a rule like this: iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE Which would be the best way in terms of efficiency and security? Regards. Mark.
Attachment:
pgphiqAWiLgRX.pgp
Description: PGP signature