systemd / systemd

The systemd System and Service Manager
https://systemd.io
GNU General Public License v2.0

IPMasquerade source prefix options #12011

Open b1tninja opened 5 years ago

b1tninja commented 5 years ago

#8040

Is your feature request related to a problem? Please describe.
When using IPMasquerade, currently a source prefix is added to the rule, preventing it from being useful when other subnets are used, which is often the case when routing from other interfaces.

Describe the solution you'd like
Perhaps, in addition to yes/no, other keywords for controlling this behavior. The default, in my opinion, should be to not specify a source address prefix at all, especially considering the current code assumes a single subnet. (No iteration for other addresses/prefixes.)

Describe alternatives you've considered
I see 4 distinct desired behaviors:
no - obvious
yes - iptables -t nat -o oif -j MASQUERADE
internal - iptables -t nat -o oif -s 192.168.0.0/24 -j MASQUERADE
external - iptables -t nat -o oif ! -s 192.168.0.0/24 -j MASQUERADE
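The four behaviors listed in the request above, modelled as an added example (not part of the original post and not systemd code) to show which egress traffic each rule would rewrite. The egress interface name eth0, the second subnet 10.20.0.0 and all function names are assumptions; the sample packets are constructed.

```python
# Added illustration: which packets each proposed IPMasquerade= mode would NAT.
# Mode names follow the issue; interface names and addresses are constructed.
from ipaddress import ip_address, ip_network

def masquerades(mode, out_if, src, *, oif="eth0", prefix="192.168.0.0/24"):
    """Return True if a packet leaving via out_if with source src matches
    the nat POSTROUTING MASQUERADE rule that the given mode describes."""
    if mode == "no":
        return False              # no rule installed
    if out_if != oif:
        return False              # every rule in the issue is scoped with -o oif
    in_prefix = ip_address(src) in ip_network(prefix)
    if mode == "yes":
        return True               # -o oif -j MASQUERADE
    if mode == "internal":
        return in_prefix          # -o oif -s prefix -j MASQUERADE
    if mode == "external":
        return not in_prefix      # -o oif ! -s prefix -j MASQUERADE
    raise ValueError(f"unknown mode: {mode!r}")

# Constructed sample traffic: (egress interface, source address, description)
SAMPLE_PACKETS = [
    ("eth0", "192.168.0.10", "host on the configured subnet"),
    ("eth0", "10.20.0.7", "host on a second routed subnet"),
    ("eth1", "192.168.0.10", "configured subnet, other egress interface"),
]

def coverage(mode):
    """Per-packet match results for SAMPLE_PACKETS, in order."""
    return [masquerades(mode, out_if, src) for out_if, src, _ in SAMPLE_PACKETS]

def unrewritten_sources(mode):
    """Sources that would leave eth0 with their original address intact."""
    return [src for out_if, src, _ in SAMPLE_PACKETS
            if out_if == "eth0" and not masquerades(mode, out_if, src)]

if __name__ == "__main__":
    for mode in ("no", "yes", "internal", "external"):
        print(f"{mode:9}", coverage(mode),
              "un-NATed on eth0:", unrewritten_sources(mode))
```

The "internal" row corresponds to the source-prefixed rule the request describes as current behavior: the host on the second routed subnet leaves the egress interface without translation.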

flipreverse commented 4 months ago

Any news on this issue or on #8040? In my opinion, this is a bug. Masquerading only makes sense if you specify the outgoing interface -- as a router does. Have a look at OpenWRT.