Content #
There are two ways of accomplishing SNAT with iptables.
SNAT target #
The SNAT target extension is intended for situations where the gateway computer has a static IP address, SNAT is a legal target only in the POSTROUTING chain. Because SNAT is applied immediately before the packet is sent out, only an outgoing interface can be specified.
MASQUERADE target #
The MASQUERADE target extension is intended for situations where the gateway computer has a dynamic IP address. The MASQUERADE target extension provides additional logic that deals with the possibility that the network interface could go off line and come back up again with a different address. Additional overhead is involved in this logic, so if you have a static IP address, you should use the SNAT target extension instead.