Re: MASQUERADE: Route sent us somewhere else (was Re: Fw: Rusty'sbrain broke!)

[Julian Anastasov]

	Hello,

On Mon, 12 Jan 2004, Patrick McHardy wrote:

> Why should we do a route lookup at all ? MASQUERADE doesn't need the
> dst_entry but only the interface address. Using ifa_list->ifa_local
> of the outgoing in_device seems like the simplest solution to me.

	Because it is possible the output interface to be used for
many logical subnets. In such cases it is desired maddr to be
the preferred source address for the target. If the users do not
want to fill the routing cache with such entries they can add
SNAT rule for each path. The drawback is that SNAT has only -o
match, there is no GW match. As result, we can not properly assign
maddr in setups that have two GWs on same output interface.

> Regards,
> Patrick

Regards

--
Julian Anastasov <ja@xxxxxx>

-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html