>>That behaves quite the same. Maybe, without veth ? (using bridge ip directly?). So we don't need to have physdev match.
----- Mail original ----- De: "Dietmar Maurer" <[email protected]> À: "Alexandre DERUMIER" <[email protected]> Cc: [email protected] Envoyé: Lundi 10 Mars 2014 16:07:32 Objet: RE: [pve-devel] pvefw: masquerade problems and conntrack zones > also, as MASQUERADE alternative, maybe it could work better with SNAT ? > (using ip of output device, instead physdev) > > > iptables -t nat -A POSTROUTING -s 10.10.10.0/24 -j SNAT -to-source > X.X.X.X(replace by ip of the output device) That behaves quite the same. _______________________________________________ pve-devel mailing list [email protected] http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
