This is really a continuation of a thread "Lan to Wan reprise" but with a diverging topic. Perhaps someone who didn't follow the first thread may pick up on this subject line and offer an explanation. I recently have had to configure the same Linux box in two different locations. This machine is serving as a router, web gateway, dhcp controller for my lan, and web server, among other things. I had a huge hassle configuring the first time, because the iptables manual, and numerous tutorials I used on the net all said to configure my iptables with SNAT to allow access to the net from inside the lan. FC3's iptables manual is explicit about this: SNAT is for use with static IP addresses and MASQUERADE is for use with dynamic ones, they cite dialup. Despite this, after many hassles, I believe it was Scot H who suggested I had to implement MASQUERADE, even in my configuration. The same problem just reoccurred at home. I began having problems as soon as I brought the machine home, and that led to a concatenated series of trial-and-error attempts, that led to my turning off MASQUERADE; in the end, when I got everything else configured right, the final step was to turn MASQUERADE back on. So, my questions: Is this a product of my imperfect reading of the manual, an instance of wrong documentation, a bit of both? By using MASQUERADE and not SNAT, have I exposed my box to any mischief? Claude Jones Bluemont, VA, USA
