On 22/05/14 at 11:41, Patrick Schaaf wrote:
> On 22.05.2014 11:15, "Andreas Herz" <andi@xxxxxxxxxxxxxxx> wrote:
> >
> > I will try your hint to use ip_route_output_key twice.
>
> A second call with input src set to 0 will match a _different_ set of
> rules, so that will probably not work.

That's correct, the wrong rule will match again and the same issue with calling it without src ip in the first place.

> > Although I still wonder why my requirement is so special :)
>
> Combining MASQUERADE with policy routing is probably a bit rare :)

Is it? We have several scenarios in which we have more IPs on one interface and different routes and want to specify the source IP. Especially in cluster scenarios.

> You could work around with a set of rules using SNAT while matching
> outgoing interface and source/destination IPs - basically duplicating your
> extra routing table in the nat POSTROUTING chains. But that is certainly a
> pain to maintain...

That's the reason why we ported MASQUERADE from 2.6.9 to the newer kernels, to keep it to fewer rules. Since rt->src got removed I wanted to find a way to update the module, but for now it looks like I have to patch the kernel itself :/

Thanks so far.

--
Andreas Herz