Hi, I don't see how. The rule should be applied only if destination is in ppp0 ip routes . Masquerading works filtering source, not destination.
Or i am missing something. Regards, Le mer. 22 avr. 2020 à 00:37, Justin Pryzby <pry...@telsasoft.com> a écrit : > On Wed, Apr 22, 2020 at 12:30:58AM +0200, Gaétan QUENTIN wrote: > > and snat: > > MASQUERADE 172.20.10.0/24 enp0s31f6 > > > > Now the problem: > > > > i add a vpn: ppp0. this one add routes like this ones: > > 192.168.0.0/19 via 172.19.13.95 dev ppp0 > > the vpn gateway is 172.19.13.95 > > > > From my container: > > > > - i still can ping internet and local network > > - i can't ping ip in ppp0 routes. If i do that, and i do tcpdump: > > - on br0: i can see packet go out , with container source ip: but reply > > never come > > - on enp0s31f6 i don't see anything > > - on ppp0 : i can see packets with container ip source and no replies. > > > > So why in that case masquerade do not work and what should i do? > > Don't you need a masq rule for DEST ppp0 ? > > -- > Justin > > > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users >
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
