SNAT and MASQUERADE do the same source NAT thing in the nat table within the POSTROUTING chain.


MASQUERADE does not require --to-source as it was made to work with dynamically assigned IPs
SNAT works with static IPs, that's why it has --to-source
MASQUERADE has extra overhead and is slower than SNAT because each time MASQUERADE target gets hit by a packet, it has to check for the IP address to use.
IMPORTANT: It is still possible to use MASQUERADE target with static IP, just be aware of the extra overhead.

UPD: To use SNAT instead of MASQUERADE simply remove "option masq 1" and add new NAT rule:

config nat
    option src wan
    option proto all
    option target SNAT
    option snat_ip ### Put your IP here

(Last edited by carter.himura on 14 Dec 2016, 18:51)