Re: MASQUERADE: Route sent us somewhere else (was Re: Fw: Rusty's brain broke!)
From: Rusty Russell
Date: Wed Jan 14 2004 - 17:19:54 EST
In message <20040113115428.GO20206@xxxxxxxxxxxxxxxxxxxxxxx> you write:
> > Yes, this is the best. It always does *something*, and is
> > predictable. People with really complex routing shouldn't really use
> > MASQUERADE, since it's designed for a specific, simple case.
>
> No, I really disagree with that. I still don't understand what the
> problem was with the old solution. We haven't received any complaints,
> at least not that I can remember.

I'm not so sure. We know Patrick's solution will work. Yes it might
break things.

> And as long as we don't provide a more sophisticated MASQUERADE
> replacement target, we shouldn't change the behaviour at all.
>
> You cannot use SNAT for the dynamic IP address case, because it doesn't
> flush the tables.

We should probably do "-j SNAT --dynamic" for this case.

> And there are lots of users that have multiple DSL-dynip links these
> days, trying to statically or dynamically balance web requests between
> them, etc.

In that case, the interfaces are different (ppp0 vs ppp1), so no
problem. You need something more complex to trigger the problem
AFAICT.

Rusty.
--
Anyone who quotes me in their sig is an idiot. -- Rusty Russell.