[pve-devel] pvefw: masquerade problems and conntrack zones
Alexandre DERUMIER
aderumier at odiso.com
Mon Mar 10 16:49:29 CET 2014
>>That behaves quite the same.
Maybe, without veth ? (using bridge ip directly?).
So we don't need to have physdev match.
----- Mail original -----
De: "Dietmar Maurer" <dietmar at proxmox.com>
À: "Alexandre DERUMIER" <aderumier at odiso.com>
Cc: pve-devel at pve.proxmox.com
Envoyé: Lundi 10 Mars 2014 16:07:32
Objet: RE: [pve-devel] pvefw: masquerade problems and conntrack zones
> also, as MASQUERADE alternative, maybe it could work better with SNAT ?
> (using ip of output device, instead physdev)
>
>
> iptables -t nat -A POSTROUTING -s 10.10.10.0/24 -j SNAT -to-source
> X.X.X.X(replace by ip of the output device)
That behaves quite the same.
More information about the pve-devel
mailing list