From: Jan Engelhardt <jengelh@xxxxxxxxxx>
Date: Sun, 24 Aug 2008 19:39:52 -0400 (EDT)

> It appears that the routing code selects the outgoing source address to
> use for packets when the socket is established instead of
> at routing time.
>
> The following presents a test case for "unexpected" (from a user's
> perspective) behavior.
>
> Is there any way to make it behave as a user would expect?

No matter when we had made the routing lookup, we would have ended up
with what you see the kernel doing.

The route is looked up long before netfilter even sees the packets.

The source address selection at the socket level can only "see" the
original destination address and therefore makes the source address
selection using that original destination address.

After iptables mangles things, the packet is rerouted but source
address selection and IP header source address mangling are not going
to occur.
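The socket-level source address selection described in the reply can be observed from user space. This is an added example, not part of the original message; it assumes a Linux host with the loopback interface up, and the function name and destination addresses are illustrative.

```python
import socket


def source_selected_at_connect(dest_ip, dest_port=9):
    """Return (before, after): the socket's local IPv4 address before and
    after connect() on a UDP socket.

    connect() on a datagram socket sends no packet. It only performs the
    route lookup for dest_ip and records the chosen source address on the
    socket, so nothing has reached the netfilter OUTPUT hooks yet.
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        before = s.getsockname()[0]       # unbound socket: wildcard address
        s.connect((dest_ip, dest_port))   # route lookup on the original destination
        after = s.getsockname()[0]        # source address now fixed on the socket
    finally:
        s.close()
    return before, after


if __name__ == "__main__":
    # Constructed destinations: loopback and a documentation-range address.
    for dest in ("127.0.0.1", "192.0.2.1"):
        try:
            before, after = source_selected_at_connect(dest)
            print(f"dest={dest:<12} before={before:<10} after={after}")
        except OSError as exc:
            # No route to the destination: the lookup itself fails at connect().
            print(f"dest={dest:<12} route lookup failed: {exc}")
```

The address reported after connect() is the one placed in the IP header; a later destination rewrite in iptables causes a reroute but does not redo this selection.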