SNAT vs. Masquerade...

Discussion in 'Tomato Firmware' started by bripab007, Mar 31, 2009.

  1. bripab007

    bripab007 Network Guru Member

    Just curious if anyone's noticed any adverse or beneficial effects from using SNAT instead of Masquerade in Victek's RAF mod.

    Specifically, I've seen that it should be marginally quicker in NAT'ing since it doesn't look at the WAN IP when sending out packets from LAN hosts.

    I've also read that it's typically not used with DHCP'd WAN IP addresses (most home cable modem users and quite a few home DSL users, I would suspect) because the NAT table gets screwed up if the IP changes, however, it's been said that Tomato's firewall service restarts when WAN IP change is detected, so this shouldn't pose a problem.

    So, basically, I'm just looking for thoughts from those more well-versed in the subject than I :)
  2. bripab007

    bripab007 Network Guru Member

    No one has any thoughts on this? :tongue:
  3. Toastman

    Toastman Super Moderator Staff Member Member

    I'm no expert in the subject, but I have been trying it, I don't notice any speed difference myself. I never noticed any problem when the WAN IP changed. But I left it at MASQUERADE to be on the safe side in the end (chicken)....
    visceralpsyche likes this.
  4. bripab007

    bripab007 Network Guru Member

    Fair enough :) I was starting to chicken out, too, even though it's been running fine for the past week or so.

    I was going to see if I could force my cable modem to pick up a new IP address and see how Tomato reacts, just hadn't gotten around to it yet.
  5. Toastman

    Toastman Super Moderator Staff Member Member

    How are you finding your TM. Any odd quirks - is the stability any better with the extra memory? (I notice my ASUS seems less inclined to random reboot or reboot when accessing web GUI). I am trying to force myself to buy some!
  6. bripab007

    bripab007 Network Guru Member

    Man, the TM is awesome. It feels quicker than my old WRT54G ver.2, even though I've only overclocked it to 225Mhz. The extra RAM is probably great, although it's difficult for just me and my wife to really give it the torture test. I mean, I've had torrents downloading, while video iChat'ing, while surfing the web, while my wife is surfing on her computer, and it's held up just fine. Seems just as stable as Tomato's ever been. In fact, I just happened to notice that my WAN IP did get changed yesterday afternoon, and apparently SNAT and Tomato's firewall handled it just fine, so I guess I'll leave it on SNAT.

    But, yeah, I've bought three of the TM's so far, one to Tomato for myself, one I Tomato'd for my parents to replace their ridiculously slow and weak WRT54G ver.6 and one that I DD-WRT'd and sold to a friend and then configured it as a repeater with a virtual Access Point for his own apartment (the repeater is leeching the internet off his next-door neighbor's AP, and they split the bill).

    So, yeah, I'm quite happy with the TM :D
  7. Toastman

    Toastman Super Moderator Staff Member Member

    Thanks! That's very encouraging. Forgot to say, my ISP changes my IP every 24 hours, so it did get a good testing...
  8. FattysGoneWild

    FattysGoneWild LI Guru Member

    Did you guys ever find out which 1 is best to use? Does the selection matter if you have dsl, cable, fios etc? I am on cable internet if that makes any difference.
  9. fyellin

    fyellin LI Guru Member

    Just while we're on the subject. Is there documentation somewhere (or else just a quick summary) of what the difference is between SNAT and MASQUERADE? Wikipedia seems to indicate that what these terms mean precisely depends on the which manufacturer you're talking to.:confused:
  10. RonWessels

    RonWessels Network Guru Member

    Quick summary:

    Both are network address translation (NAT) techniques whereby the source (LAN) address gets automagically converted to another address (typically the WAN address) by the router.

    MASQUERADE converts the address to the WAN address, whatever it happens to be. In other words, at every conversion, it has to check what the WAN address is.

    SNAT converts the address to a fixed address, set to the WAN address by the firewall initialization. While this would be a problem if the WAN address subsequently changes, Tomato will restart the firewall (and therby re-initialize the SNAT address) when that happens.

    In theory, SNAT should be faster, since both are performing the same translation but MASQUERADE has to perform that extra lookup. In practice, we're only talking about a few machine instructions here, so the difference is not noticeable.
    visceralpsyche and kthaddock like this.
  11. fyellin

    fyellin LI Guru Member

    Exactly what I was looking for. Thanks for the clear explanation.
  12. Toastman

    Toastman Super Moderator Staff Member Member

    Me too, thanks Ron
  13. mrap

    mrap LI Guru Member

    Thanks for the explanation!
  14. Mr.CTT

    Mr.CTT Serious Server Member

    +1 Thank You!
  15. Tomato User

    Tomato User Network Newbie Member

    please tell me, whats TM?
  16. TrueBlueBlooded

    TrueBlueBlooded Addicted to LI Member

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice