Jan Engelhardt wrote:
Netfilter: Import xt_gateway Originally from <azez@xxxxxxxxxxxxxxx>, http://lists.netfilter.org/pipermail/netfilter-devel/2007-June/027954.html This adds a gateway match to iptables that lets you match against the routed ipv4 gateway, it is very useful for SNAT if you want to avoid replicating your routing in your SNAT table. e.g. iptables -t nat -A POSTROUTING -m gateway --nexthop \ 172.16.1.1 -j SNAT --to-address 172.16.1.5 iptables -t nat -A POSTROUTING -m gateway --nexthop \ 192.168.1.1 -j SNAT --to-address 192.168.1.25 to help you choose the right SNAT address.
I think MASQUERADE with properly set source addresses for the routes should do the same since we already use the gateway for the lookup. What advantages does this offer over using realms? - To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html