Good day,
In attempting to use the MASQUERADE target for some traffic that is locally
generated (as opposed to forwarded traffic) I found that the source IP
address was not being changed even though the rule was clearly being used.
A quick review of ipt_MASQUERADE.c turned up these lines at the beginning of
function masquerade_target():

    /* FIXME: For the moment, don't do local packets, breaks
       testsuite for 2.3.49 --RR */
    if ((*pskb)->sk)
        return NF_ACCEPT;

If I comment out the return statement, MASQUERADE of locally generated
packets seems to work without any problems.
My questions are:
1) Why doesn't MASQUERADE handle local packets?
2) What would the damage be if I patched the source to comment out that
return statement? If it is simply a matter of causing an old test suite to
fail then that seems harmless enough to me but is there more to this story?
Thanks,
- Andrew Kraslavsky