Hello,

On Mon, 12 Jan 2004, Rusty Russell wrote:

> > Why should we do a route lookup at all ? MASQUERADE doesn't need the
> > dst_entry but only the interface address. Using ifa_list->ifa_local
> > of the outgoing in_device seems like the simplest solution to me.
>
> You take all the fun out.

Selecting link local addresses is not always fun :)
The IP addresses are sorted by their scope.

> Yes, this is the best. It always does *something*, and is
> predictable. People with really complex routing shouldn't really use
> MASQUERADE, since it's designed for a specific, simple case.

Don't do that for 2.4, the users will not be happy. There are
setups with non-default multipath routes, multipath routes with
nexthops sharing the same outdev, WAN interfaces which have their private
link layer IPs at first position. MASQUERADE is better for some
cases where SNAT cannot be used at all: using source address
autoselection based on the scope and the nexthop's GW IP. I vote
for backing out the oif change and returning to the previous state -
the routing is still smarter than any iptables rules.

> Cheers,
> Rusty.

Regards

--
Julian Anastasov <ja@ssi.bg>