Re: [pve-devel] pvefw: masquerade problems and conntrack zones

Alexandre DERUMIER Mon, 10 Mar 2014 08:49:59 -0700

>>That behaves quite the same. 

Maybe, without veth ? (using bridge ip directly?).
So we don't need to have physdev match.



----- Mail original ----- 

De: "Dietmar Maurer" <diet...@proxmox.com> 
À: "Alexandre DERUMIER" <aderum...@odiso.com> 
Cc: pve-devel@pve.proxmox.com 
Envoyé: Lundi 10 Mars 2014 16:07:32 
Objet: RE: [pve-devel] pvefw: masquerade problems and conntrack zones 

> also, as MASQUERADE alternative, maybe it could work better with SNAT ? 
> (using ip of output device, instead physdev) 
> 
> 
> iptables -t nat -A POSTROUTING -s 10.10.10.0/24 -j SNAT -to-source 
> X.X.X.X(replace by ip of the output device) 

That behaves quite the same. 
_______________________________________________
pve-devel mailing list
pve-devel@pve.proxmox.com
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

Re: [pve-devel] pvefw: masquerade problems and conntrack zones

Reply via email to