Hi Sumit,

On Sat, 2003-08-30 at 14:35, Sumit Pandya wrote:
> Hi charles,
> Obviously alternative = 2 for your case. To make it work there must be
> "bind" call from the local daemons.

I would prefer (if possible) that the solution be external -- no src code changes, or alternatively, a change at a "parent" level so that "child" processes inherit it.

> If bind call is problem then one is (modified)(B)
> (ModB) Here why you using POSTROUTING instead of OUTPUT for SNAT ?

snat is only available in POSTROUTING -- dnat is available in PREROUTING and OUTPUT. The only way to snat locally generated packets is to mark in OUTPUT, then match and snat in POSTROUTING. The overhead isn't that bad as snat is consulted once ...

>
> for arp and icmp i'm adding a suggestion and i say solution (D) ;-)
> (D) use arptable for arp and then use ROUTE target for arp/ICMP.

Actually, there was a thread on src address for arp requests very recently discussed at:
http://marc.theaimsgroup.com/?l=linux-kernel&m=106141566718585&w=2

thanks again,
ciao
charles
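The mark-in-OUTPUT, SNAT-in-POSTROUTING arrangement described in the reply above, as an added example that is not part of the original message. Selecting the daemon's packets by owner uid, the function names and the sample values are assumptions made for illustration.

```shell
# Added example (not from the thread): emit an iptables-restore fragment that
# marks locally generated packets in mangle/OUTPUT and rewrites their source
# address in nat/POSTROUTING by matching on that mark.
# Assumption: the daemon's traffic is selected by the uid it runs as.

valid_ipv4() (
    # Dotted quad, digits and dots only, every octet in 0..255.
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
)

snat_local_rules() {
    # $1 = uid of the local daemon, $2 = packet mark, $3 = new source address
    uid=$1 mark=$2 src=$3
    case $uid in ''|*[!0-9]*) echo "bad uid: $uid" >&2; return 1 ;; esac
    case $mark in ''|*[!0-9]*) echo "bad mark: $mark" >&2; return 1 ;; esac
    # Mark 0 is what every unmarked packet carries, so a POSTROUTING rule
    # matching it would SNAT all unmarked traffic, forwarded packets included.
    [ "$mark" -gt 0 ] || { echo "mark must be non-zero" >&2; return 1; }
    valid_ipv4 "$src" || { echo "bad source address: $src" >&2; return 1; }
    cat <<EOF
*mangle
-A OUTPUT -m owner --uid-owner $uid -j MARK --set-mark $mark
COMMIT
*nat
-A POSTROUTING -m mark --mark $mark -j SNAT --to-source $src
COMMIT
EOF
}

# Constructed sample values; check the fragment without loading it:
#   snat_local_rules 1001 1 192.0.2.10 | iptables-restore --noflush --test
```

Without `--noflush`, iptables-restore flushes the existing contents of each table named in the fragment before appending.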