Masquerading should be used where you have a dynamic connection and the IP address is likely to change (maybe on ppp0). That way masquerading just picks up the new dynamic IP and uses that to change addresses.
SNAT has some connection tracking advantages where if your link goes down for a short while, it will remember the connections that are still open/active and continue on when the link returns (depending on timeouts etc..). Masq does not, it clears the state each time it comes up as a saveguard.
发表于 2010-4-19 13:48:08
楼主