| To: | laforge@xxxxxxxxxxxxx (Harald Welte) |
|---|---|
| Subject: | Re: [RFC] MASQUERADE / policy routing ("Route send us somewhere else") |
| From: | Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> |
| Date: | Tue, 31 Aug 2004 12:20:53 +1000 |
| Cc: | davem@xxxxxxxxxxxxx, netfilter-devel@xxxxxxxxxxxxxxxxxxx, rusty@xxxxxxxxxxxxxxx, netdev@xxxxxxxxxxx, kuznet@xxxxxxxxxxxxx |
| In-reply-to: | <20040831013841.GA5824@xxxxxxxxxxxxxxxxxxxxxxx> |
| Organization: | Core |
| Sender: | netdev-bounce@xxxxxxxxxxx |
| User-agent: | tin/1.7.4-20040225 ("Benbecula") (UNIX) (Linux/2.4.26-1-686-smp (i686)) |
Harald Welte <laforge@xxxxxxxxxxxxx> wrote: > > I've seen a number of users commenting out that check or even starting > to use the iptables ROUTE target (ugly) to get it working in their > setup. Or they start to use SNAT with scripts in PPP if-up to update > the ruleset with the new dynamic IP :( Yes I had to convert all my MASQUERADE rules over to SNAT due to this problem. Unfortunately I had to convert them back again because SNAT doesn't do an automatic flush which MASQUERADE does. Without the flush it's pretty useless when your interface address changes often. So it would be good to know why the oif key is a bad idea. Cheers, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt |
| Previous by Date: | Re: [RFC] MASQUERADE / policy routing ("Route send us somewhere else"), David S. Miller |
|---|---|
| Next by Date: | Re: [RFC] MASQUERADE / policy routing ("Route send us somewhere else"), David S. Miller |
| Previous by Thread: | Re: [RFC] MASQUERADE / policy routing ("Route send us somewhere else"), Julian Anastasov |
| Next by Thread: | Re: [RFC] MASQUERADE / policy routing ("Route send us somewhere else"), David S. Miller |
| Indexes: | [Date] [Thread] [Top] [All Lists] |