In message <20040113115428.GO20206@sunbeam.de.gnumonks.org> you write:
> > Yes, this is the best. It always does *something*, and is
> > predictable. People with really complex routing shouldn't really use
> > MASQUERADE, since it's designed for a specific, simple case.
>
> No, I really disagree with that. I still don't understand what the
> problem was with the old solution. We haven't received any complaints,
> at least not that I can remember.

I'm not so sure. We know Patrick's solution will work. Yes it might
break things.

> And as long as we don't provide a more sophisticated MASQUERADE
> replacement target, we shouldn't change the behaviour at all.
>
> You cannot use SNAT for the dynamic IP address case, because it doesn't
> flush the tables.

We should probably do "-j SNAT --dynamic" for this case.

> And there are lots of users that have multiple DSL-dynip links these
> days, trying to statically or dynamically balance web requests between
> them, etc.

In that case, the interfaces are different, (ppp0 vs ppp1) so no
problem. You need something more complex to trigger the problem
AFAICT.

Rusty.
--
Anyone who quotes me in their sig is an idiot. -- Rusty Russell.