From: Ludovico Cavedon <cavedon@cs.ucsb.edu>
To: netfilter@vger.kernel.org
Subject: invoking nat POSTROUTING *after* bridging decision
Date: Wed, 26 Jan 2011 11:11:36 -0800
Message-ID: <4D4071E8.2010908@cs.ucsb.edu>
Hi,
I have a machine which has two interfaces bridged together (eth0 and
eth1, on br0), plus a third interface eth2 on a separate network.
I would like to masquerade traffic from the eth2 network only if it is sent
over eth0, and not if it is sent over eth1.
My problem is that the -t nat POSTROUTING rule is invoked after the
routing decision, before the packet enters the bridge. (i.e. with output
interface br0).
Is there any way to postpone the call to POSTROUTING until after the bridging
decision has been made, or have the POSTROUTING chain called twice?
Thank you in advance,
Cheers,
Ludovico
PS:
For the sake of completeness, I was able to get the NAT to work by using
POSTROUTING rules based on IP address, rather than output interfaces, as
I know which hosts are connected to each interface (eth0 or eth1).
However, if I run tcpdump on br0, I see outgoing packets with source IP
address masqueraded, but incoming packets have already been
un-masqueraded, making it annoyingly asymmetric...