[systemd-bugs] [Bug 90282] New: IPMasquerade=yes should create -o rules (instead of -s)

bugzilla-daemon at freedesktop.org
Sat May 2 04:10:40 PDT 2015


https://bugs.freedesktop.org/show_bug.cgi?id=90282

            Bug ID: 90282
           Summary: IPMasquerade=yes should create -o rules (instead of
                    -s)
           Product: systemd
           Version: unspecified
          Hardware: All
                OS: Linux (All)
            Status: NEW
          Severity: normal
          Priority: medium
         Component: general
          Assignee: systemd-bugs at lists.freedesktop.org
          Reporter: radek at podgorny.cz
        QA Contact: systemd-bugs at lists.freedesktop.org

consider the following situation:

router with interfaces as follows:
  lan: 10.25.3.1/24
  isp1: some public address
  isp2: 10.25.254.1/30 (with the entire 10.0.0.0/8 behind it - this is just a
peer-to-peer link)

now, i want the traffic to isp1 to be masqueraded but not the traffic to isp2
because i'm a part of the 10./8 "internet" (there are routes on the other side
that lead to me, too).

with current systemd (219) i have to set ipmasquerade for the lan interface
which adds the "-s 10.25.3.1/25" rule. this is imho wrong (reversed) since
masquerading should be decided depending on the destination, not the source. so
the "correct" way should be to set ipmasquerade for isp1 which should create
the "-o isp1" rule.

also, even if i'm wrong, wouldn't it make more sense to create at least a "-i
lan" rule? why is it based on addresses and not the interface?

thanks.
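
Added example (not part of the original report, and not systemd's code): a small model of the router described above that compares which forwarded flows a source-based rule and an output-interface rule would masquerade. The routing table, the default route via isp1, the 10.25.3.0/24 lan prefix and the sample addresses are assumptions; the third flow goes one step beyond the report to show forwarded traffic from a 10/8 peer.

```python
import ipaddress

# Constructed routing table for the router in the report. The default route
# via isp1 and the 10.25.3.0/24 lan prefix are assumptions drawn from the
# interface list; the report gives no routing table.
ROUTES = [
    ("10.25.3.0/24", "lan"),
    ("10.25.254.0/30", "isp2"),
    ("10.0.0.0/8", "isp2"),
    ("0.0.0.0/0", "isp1"),
]

# The two rule styles under discussion, as POSTROUTING match criteria.
SOURCE_RULE = {"src_net": "10.25.3.0/24"}  # -s <lan prefix> -j MASQUERADE
OUT_IF_RULE = {"out_if": "isp1"}           # -o isp1 -j MASQUERADE


def out_interface(dst):
    """Pick the outgoing interface by longest-prefix match on dst."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(net), dev) for net, dev in ROUTES
               if addr in ipaddress.ip_network(net)]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def is_masqueraded(rule, src, dst):
    """True if a forwarded packet src -> dst matches every criterion in rule."""
    if "src_net" in rule:
        if ipaddress.ip_address(src) not in ipaddress.ip_network(rule["src_net"]):
            return False
    if "out_if" in rule and out_interface(dst) != rule["out_if"]:
        return False
    return True


# Constructed flows: (description, source, destination).
FLOWS = [
    ("lan host -> public internet", "10.25.3.50", "198.51.100.7"),
    ("lan host -> peer in 10/8", "10.25.3.50", "10.40.0.9"),
    ("10/8 peer -> public internet", "10.40.0.9", "198.51.100.7"),
]


def compare():
    """Return {description: (source_rule_result, out_if_rule_result)}."""
    return {desc: (is_masqueraded(SOURCE_RULE, s, d),
                   is_masqueraded(OUT_IF_RULE, s, d))
            for desc, s, d in FLOWS}
```

In this model the source-based rule rewrites lan traffic heading to the 10/8 side over isp2, while the output-interface rule only rewrites what leaves through isp1.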
