On Mon, Jan 12, 2004 at 03:30:14PM +1100, Rusty Russell wrote: > In message <4001F33A.9000802@trash.net> you write: > > Julian Anastasov wrote: > > > > >- provide oif learned from the input route (as before the discussed > > >change). May be in 99% of the setups it selects the right route. > > >I think, we should use this, at least for 2.4. > > > > > > > > > > > Why should we do a route lookup at all ? MASQUERADE doesn't need the > > dst_entry but only the interface address. Using ifa_list->ifa_local > > of the outgoing in_device seems like the simplest solution to me. > > You take all the fun out. > > Yes, this is the best. It always does *something*, and is > predictable. People with really complex routing shouldn't really use > MASQUERADE, since it's designed for a specific, simple case. No, I really disagree with that. I still don't understand what the problem was with the old solution. We haven't received any complaints, at least not that I can remember. And as long as we don't provide a more sophisticated MASQUERADE replacement target, we shouldn't change the behaviour at all. You cannot use SNAT for the dynamic IP address case, because it doesn't flush the tables. And there are lots of users that have multiple DSL-dynip links these days, trying to statically or dynamically balance web requests between them, etc. > Cheers, > Rusty. -- - Harald Welte <laforge@netfilter.org> http://www.netfilter.org/ ============================================================================ "Fragmentation is like classful addressing -- an interesting early architectural error that shows how much experimentation was going on while IP was being designed." -- Paul Vixie
Attachment:
signature.asc
Description: Digital signature
