On Sun, 2002-11-24 at 15:01, Mike Burger wrote:
> On Sun, 24 Nov 2002, Rikard Bostrom wrote:
> 
> > Hi,
> > 
> > I was wondering if anyone could try to give me a good explanation
> > on the differences between NAT and MASQUERADING?
> > Good sides, bad sides etc...
> 
> The main difference is that MASQUERADE shows all outbound connections as 
> coming from the same place.  I.e., no matter which system, behind the 
> firewall, initiates a connection, the rest of the world sees it as if it 
> came from the firewall.

Masquerade also works for dynamic ip numbers, not so snat.
It looks at the interface's allocated ip number for each connection going
out, which takes more processor time than a straight snat translation.
If you drop an interface that is Masqueraded, you lose all existing
connections... (very handy for dropping Kazaa & irc connections)
With snat, existing connections stay alive...

> 
> NAT is a two part deal.  The part that compares to MASQ is SNAT...Source 
> Network Address Translation.
> 
> If you have been granted multiple external addresses by your ISP, you can 
> set up the firewall to NAT one of those external addresses to a particular 
> internal system.  I.e., xxx.xxx.xxx.1 could be the firewall's main IP, 
> xxx.xxx.xxx.xx2 could be an additional IP.  You can set up a NAT rule that 
> shows all connections from internal address yyy.yyy.yyy.yyy to appear, to 
> the world, as xxx.xxx.xxx.2.

Regards,
Peter



-- 
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list
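
The two approaches discussed in this thread, written out as iptables nat rules. This is an added example, not part of the original messages; the interface names (ppp0, eth0) and the addresses (192.0.2.x external, 10.0.0.5 internal) are constructed placeholders, and the script only prints an iptables-restore ruleset without loading it.

```shell
#!/bin/sh
# Prints an iptables-restore ruleset; it does not touch the running firewall.
# Interface names and addresses below are constructed placeholders.

# masq_rules WAN_IF
#   Dynamic external address (dial-up, DHCP): MASQUERADE uses whatever address
#   WAN_IF currently holds, and tracked connections are forgotten when the
#   interface goes down.
masq_rules() {
    printf '%s\n' "-A POSTROUTING -o $1 -j MASQUERADE"
}

# snat_rules WAN_IF DEFAULT_IP [INTERNAL_IP=EXTERNAL_IP ...]
#   Static external addresses: each INTERNAL=EXTERNAL pair makes one inside
#   host appear as its own external address; all other hosts leave as
#   DEFAULT_IP. Specific mappings come first because the first match wins.
snat_rules() {
    wan=$1; default_ip=$2
    shift 2
    for pair in "$@"; do
        case $pair in
            *=*) ;;
            *) echo "bad mapping: $pair" >&2; return 1 ;;
        esac
        printf '%s\n' "-A POSTROUTING -s ${pair%%=*} -o $wan -j SNAT --to-source ${pair#*=}"
    done
    printf '%s\n' "-A POSTROUTING -o $wan -j SNAT --to-source $default_ip"
}

# nat_table: wrap rule lines read from stdin in iptables-restore syntax.
nat_table() {
    printf '%s\n' '*nat' ':POSTROUTING ACCEPT [0:0]'
    cat
    printf '%s\n' 'COMMIT'
}

echo "# dynamic external address (MASQUERADE):"
masq_rules ppp0 | nat_table
echo "# static external addresses (SNAT, one host mapped to a second IP):"
snat_rules eth0 192.0.2.1 10.0.0.5=192.0.2.2 | nat_table
```

Either ruleset can be piped to `iptables-restore --test` as root, which parses it without committing it.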