On Tue, Aug 31, 2004 at 09:48:07AM +0300, Julian Anastasov wrote:
> So, if the input route for all packets selects dev1 before
> NAT but MASQUERADE selects different device (nexthop) bad things
> happen. It costs routing cache entries to provide oif key but almost
> in any case the right gateway is selected (except when two nexthops
> use same device).
I am willing to compromise at that cost. I cannot imagine a combination
of dynamic IP with multiple nexthop on the same device. Getting those
policy routing / DSL / dynip / MASQUERADE cases right is definitely more
important.
Any static IP case should be using SNAT, that's always been documented.
> Regards
--
- Harald Welte <laforge@xxxxxxxxxxxxx> http://www.netfilter.org/
============================================================================
"Fragmentation is like classful addressing -- an interesting early
architectural error that shows how much experimentation was going
on while IP was being designed." -- Paul Vixie
signature.asc
Description: Digital signature
|