Re: [RFC] MASQUERADE / policy routing ("Route send us somewhere else")

To: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Subject: Re: [RFC] MASQUERADE / policy routing ("Route send us somewhere else")
From: "David S. Miller" <davem@xxxxxxxxxxxxx>
Date: Mon, 30 Aug 2004 22:39:20 -0700
Cc: laforge@xxxxxxxxxxxxx, netfilter-devel@xxxxxxxxxxxxxxxxxxx, rusty@xxxxxxxxxxxxxxx, netdev@xxxxxxxxxxx, kuznet@xxxxxxxxxxxxx
In-reply-to: <E1C1yRs-00086x-00@gondolin.me.apana.org.au>
References: <20040830191915.04d49268.davem@davemloft.net> <E1C1yRs-00086x-00@gondolin.me.apana.org.au>
Sender: netdev-bounce@xxxxxxxxxxx

On Tue, 31 Aug 2004 12:32:40 +1000
Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> wrote:

> This is what happens:
> 
> * Forwarded packet is routed to iface1.
> * Packet hits MASQUERADE.
> * Routing lookup returns iface2 with different source address.
> 
> So if iface2's source address is not valid when the packet leaves on
> iface1, then the packet won't go very far.
> 
> If you're wondering why the second lookup is returning a different
> interface at all, it's because the routing lookup in MASQUERADE is
> done as if the packet was generated by localhost.  This is obviously
> going to differ from the normal routing lookup if the packet was
> forwarded.

I understand this description.

Would it be enough to set 'out' to rt->u.dst.dev after the call to
ip_route_output_key() in ipt_MASQUERADE.c?
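
The mismatch described in the quoted text, as an added toy model that is not part of the original message and is not kernel code. The table contents, the addresses, the eth0/eth1 names and the helpers lookup() and masq_src() are assumptions made for illustration; the drop on a device mismatch is modeled on the "Route send us somewhere else" message in the subject line.

```c
/* Toy model of the two lookups described in the thread; not kernel code. */
#include <stdio.h>
#include <string.h>

struct route { const char *iif, *dev, *src; };

/* Constructed policy table: first match wins, iif == NULL matches anything. */
static const struct route table[] = {
    { "eth0", "iface1", "192.0.2.1" },    /* policy rule for traffic from eth0 */
    { NULL,   "iface2", "198.51.100.1" }, /* default, also used for local output */
};

/* Passing iif == NULL means "look up as if generated by localhost". */
static const struct route *lookup(const char *iif)
{
    for (size_t i = 0; i < sizeof(table) / sizeof(table[0]); i++)
        if (!table[i].iif || (iif && strcmp(table[i].iif, iif) == 0))
            return &table[i];
    return NULL;
}

/* Returns the masquerade source address, or NULL when the local-style
 * lookup picks a different device than forwarding did (packet dropped). */
static const char *masq_src(const char *iif)
{
    const struct route *fwd = lookup(iif);   /* normal forwarding decision */
    const struct route *rt = lookup(NULL);   /* MASQUERADE's second lookup */
    if (!fwd || !rt || strcmp(fwd->dev, rt->dev) != 0)
        return NULL;
    return rt->src;
}

int main(void)
{
    const char *in[] = { "eth0", "eth1" };   /* constructed input interfaces */
    for (size_t i = 0; i < 2; i++) {
        const char *src = masq_src(in[i]);
        printf("in=%s out=%s -> %s\n", in[i], lookup(in[i])->dev,
               src ? src : "DROP (route sent us somewhere else)");
    }
    return 0;
}
```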
