From mboxrd@z Thu Jan 1 00:00:00 1970 From: Marco Gaiarin Date: Fri, 12 Feb 2021 11:25:40 +0000 Subject: Re: Again policy routing and OUTPUT... Message-Id: <20210212112540.GH3116@sv.lnf.it> List-Id: References: <20210210091507.GD3677@sv.lnf.it> In-Reply-To: <20210210091507.GD3677@sv.lnf.it> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable To: lartc@vger.kernel.org Mandi! Grant Taylor In chel di` si favelave... > > I can use SNAT to change source IP but... there's some more 'elegant' > > solution? > You /might/ need to use SNAT / MASQUERADE. [...] > Typically, as in kernel default, the source IP is chosen based on the IP = of > the outgoing interface, which is chosen based on routing to the destinati= on. > If you are overriding this routing decision and forcing traffic out a > different route, then there is a decent chance that the kernel will pick = the > wrong source IP. In situations like this, I expect that you will need to > SNAT / MASQUERADE. Perfectly clear. And you made me a bright idea. use 'MASQUERADE' instead of SNAT to prevent some exotic script coding... Thanks! --=20 dott. Marco Gaiarin GNUPG Key ID: 240A3D66 Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.= it/ Polo FVG - Via della Bont=E0, 7 - 33078 - San Vito al Tagliamento= (PN) marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842= 797 Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA! http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000 (cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)