Hi,
MASQUERADE has some problems:
1) it is slower than SNAT
2) it has bugs if used in combination with ip rules (see http://lists.netfilter.org/pipermail/netfilter/2005-January/057933.html)
So I would love to have a way to have a dynamic interface, define a NAT policy for it but have the iptables create a SNAT rule instead:
$IPTABLES -t nat -A POSTROUTING -oppp0 -s 192.168.1.0/24...
2009-07-30 13:57:37 UTC in Firewall Builder