Opened 7 years ago
#160 new defect
SNAT: add device to rules even with (old-style) virtual interfaces
| Reported by: | Adi Kriegisch | Owned by: | Victor Julien |
|---|---|---|---|
| Priority: | major | Milestone: | undecided |
| Component: | suite | Version: | |
| Keywords: | Cc: |
Description
I'm using old-style virtual interfaces (eth0:0, ...). An interface definition looks like this (interface is named GW):
ACTIVE="Yes" IPADDRESS="10.10.10.1" DEVICE="eth0:1" VIRTUAL="Yes" (...)
When I use this interface for SNAT
Snat service any from my.lan to world.inet options out_int=\"GW\"
the iptables rules created omit the "-o eth0" part which causes me troubles because I have several other outgoing interfaces and all pakets originating from 'my.lan' end up being SNATed to GW's ip.
The interfaces were created with 'ip':
ip addr add 10.10.10.1 brd 10.10.10.255 dev eth0 label eth0:1
From ip-address man page:
label NAME
Each address may be tagged with a label string. In order to
preserve compatibility with Linux-2.0 net aliases, this string
must coincide with the name of the device or must be prefixed
with the device name followed by colon.
So assuming if there is a colon in the interface name, the part up to the first colon is the physical device's name seems sane and may be used for the '-o' option...
Note:
See TracTickets
for help on using tickets.
