[re-add netdev -- I assume you meant to reply all]

On Fri, Jun 26, 2015 at 1:32 PM, Francois Romieu <rom...@fr.zoreil.com> wrote:
> Andy Lutomirski <l...@amacapital.net> :
> [...]
>> Could we add some option to do SNAT and inverse DNAT before routing?
>
> I haven't used it for ages but what's wrong with iptables + fwmark ?
>
> It takes place in PREROUTING.

This works, but it seems unnecessarily painful.  It means that all of
my policy rules have to be duplicated with fwmark rules based on '-m
conntrack' or similar.

Shouldn't the order of operations be:

1. Check rp_filter.

2. Handle NAT.

3. Routing decision.

?

--Andy

>
> --
> Ueimor



-- 
Andy Lutomirski
AMA Capital Management, LLC
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
