| To: | Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> |
|---|---|
| Subject: | Re: [RFC] MASQUERADE / policy routing ("Route send us somewhere else") |
| From: | "David S. Miller" <davem@xxxxxxxxxxxxx> |
| Date: | Mon, 30 Aug 2004 22:39:20 -0700 |
| Cc: | laforge@xxxxxxxxxxxxx, netfilter-devel@xxxxxxxxxxxxxxxxxxx, rusty@xxxxxxxxxxxxxxx, netdev@xxxxxxxxxxx, kuznet@xxxxxxxxxxxxx |
| In-reply-to: | <E1C1yRs-00086x-00@gondolin.me.apana.org.au> |
| References: | <20040830191915.04d49268.davem@davemloft.net> <E1C1yRs-00086x-00@gondolin.me.apana.org.au> |
| Sender: | netdev-bounce@xxxxxxxxxxx |
On Tue, 31 Aug 2004 12:32:40 +1000 Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> wrote: > This is what happens: > > * Forwarded packet is routed to iface1. > * Packet hits MASQUERADE. > * Routing lookup returns iface2 with different source address. > > So if iface2's source address is not valid when the packet leaves on > iface1, then the packet won't go very far. > > If you're wondering why the second lookup is returning a different > interface at all, it's because the routing lookup in MASQUERADE is > done as if the packet was generated by localhost. This is obviously > going to differ from the normal routing lookup if the packet was > forwarded. I understand this description. Would it be enough to set 'out' to rt->u.dst.dev after the call to ip_route_output_key() in ipt_MASQUERADE.c? |
| Previous by Date: | Re: RFC/PATCH capture qdisc requeue event in stats, David S. Miller |
|---|---|
| Next by Date: | Re: neigh_create/inetdev_destroy race?, David S. Miller |
| Previous by Thread: | Re: [RFC] MASQUERADE / policy routing ("Route send us somewhere else"), Herbert Xu |
| Next by Thread: | Re: [RFC] MASQUERADE / policy routing ("Route send us somewhere else"), Julian Anastasov |
| Indexes: | [Date] [Thread] [Top] [All Lists] |