[Firehol-support] masquerade vs. snat

Costa Tsaousis costa at tsaousis.gr
Sun Nov 6 09:05:23 CET 2005


Carlos Rodrigues wrote:

>Hi!
>
>So, I heard that SNAT is more efficient than MASQUERADE when the
>gateway machine has a static address, so I proceeded to change my
>firehol.conf from...
>
>masquerade ${world_iface} src "${internal_network1} ${internal_network2}"
>
>to...
>
>snat to ${gw_address} outface ${world_iface} src "${internal_network1}
>${internal_network2}"
>
>However, this doesn't work. AFAIK, both lines seem to do the same
>thing, but masquerade works, and snat doesn't.
>
>  
>
What you describe cannot be happening. Could you please check the packet 
counter in the output of

iptables -nxvL -t nat

or add a log parameter to your statement and check the logs for packets 
matching.
If you don't have packets matching, the problem is elsewhere...

Costa
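
The counter check suggested above, as an added example that is not part of the original message or of FireHOL: a shell function that reads `iptables -nxvL -t nat` output and reports, for each SNAT or MASQUERADE rule, whether any packets have matched it. The sample listing, the interface name and the addresses are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `iptables -nxvL -t nat` output (not taken from the thread).
sample_nat_listing() {
    cat <<'EOF'
Chain PREROUTING (policy ACCEPT 120 packets, 9876 bytes)
    pkts      bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 15 packets, 900 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       0        0 SNAT       all  --  *      eth0    192.168.1.0/24       0.0.0.0/0            to:203.0.113.10
     342    20520 MASQUERADE  all  --  *      eth0    192.168.2.0/24       0.0.0.0/0
EOF
}

# Read a nat table listing on stdin and print one line per SNAT/MASQUERADE rule:
#   chain target packets out-interface source status
nat_rule_counters() {
    awk '
        # "Chain NAME (...)" header: remember which chain the next rules belong to
        $1 == "Chain" { chain = $2; next }
        # Rule lines begin with the exact packet counter (-x disables K/M rounding).
        # Columns with -v: pkts bytes target prot opt in out source destination
        $1 ~ /^[0-9]+$/ && ($3 == "SNAT" || $3 == "MASQUERADE") {
            status = ($1 == 0) ? "no-match" : "matching"
            print chain, $3, $1, $7, $8, status
        }
    '
}

# On a live gateway (as root): iptables -nxvL -t nat | nat_rule_counters
sample_nat_listing | nat_rule_counters
```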




