Re: [tlug] iptables and port-forwarding concerns

[David Santinoli <u235@example.com>]

On Wed, Apr 21, 2004 at 07:32:53PM -0400, Josh Glover wrote:
> > > 4) Given that I have a static public IP address, is IP
> > > masquerading the right solution for distributing the Internet
> > > connection to the LAN or should I be looking at full NAT instead
> > > in the first place?
> >
> > I'm not sure I got this right: are you just wondering whether you can
> > substitute "-j SNAT" for "-j MASQUERADE", or is there more?
> 
> Nope, SNAT works like this:
> 
> iptables -A POSTROUTING -o eth0 -j SNAT --to-source <your firewall's IP>

I know.  I didn't mean to imply that one can just literally
s/-j MASQUERADE/-j SNAT/ and keep the rest of the rule intact; rather,
I was supposing that Godwin knew about the substantial equivalence of
the two forms, apart from the syntax, and therefore his question had
some obscure implications I couldn't see. :-)

Cheers,
 David
-- 
 David Santinoli, Milano             +   <david@example.com>
 Independent Linux/Unix consultant   +   http://www.santinoli.com